27 files changed, 557 insertions, 130 deletions

diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 0ddf9bd..41906c5 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -71,7 +71,7 @@ check_apt_LDADD = $(BASEOBJS)
 check_cluster_LDADD = $(BASEOBJS)
 check_dbi_LDADD = $(NETLIBS) $(DBILIBS)
 check_dig_LDADD = $(NETLIBS)
-check_disk_LDADD = $(BASEOBJS)
+check_disk_LDADD = $(BASEOBJS) $(THREADLIBS)
 check_dns_LDADD = $(NETLIBS)
 check_dummy_LDADD = $(BASEOBJS)
 check_fping_LDADD = $(NETLIBS)
diff --git a/plugins/check_apt.c b/plugins/check_apt.c
index 07622c2..8747f90 100644
--- a/plugins/check_apt.c
+++ b/plugins/check_apt.c
@@ -224,7 +224,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount){
         char *cmdline=NULL, rerrbuf[64];
 
         /* initialize ereg as it is possible it is printed while uninitialized */
-        memset(&ereg, "\0", sizeof(ereg.buffer));
+        memset(&ereg, '\0', sizeof(ereg.buffer));
 
         if(upgrade==NO_UPGRADE) return STATE_OK;
 
diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c
index 58f333d..a877f88 100644
--- a/plugins/check_by_ssh.c
+++ b/plugins/check_by_ssh.c
@@ -169,7 +169,8 @@ process_arguments (int argc, char **argv)
                 {"verbose", no_argument, 0, 'v'},
                 {"fork", no_argument, 0, 'f'},
                 {"timeout", required_argument, 0, 't'},
-                {"host", required_argument, 0, 'H'},
+                {"host", required_argument, 0, 'H'},    /* backward compatibility */
+                {"hostname", required_argument, 0, 'H'},
                 {"port", required_argument,0,'p'},
                 {"output", required_argument, 0, 'O'},
                 {"name", required_argument, 0, 'n'},
diff --git a/plugins/check_dig.c b/plugins/check_dig.c
index d9481f2..d899b11 100644
--- a/plugins/check_dig.c
+++ b/plugins/check_dig.c
@@ -94,8 +94,8 @@ main (int argc, char **argv)
   timeout_interval_dig = timeout_interval / number_tries + number_tries;
 
   /* get the command to run */
-  xasprintf (&command_line, "%s @%s -p %d %s -t %s %s %s +tries=%d +time=%d",
-            PATH_TO_DIG, dns_server, server_port, query_address, record_type, dig_args, query_transport, number_tries, timeout_interval_dig);
+  xasprintf (&command_line, "%s %s %s -p %d @%s %s %s +tries=%d +time=%d",
+            PATH_TO_DIG, dig_args, query_transport, server_port, dns_server, query_address, record_type, number_tries, timeout_interval_dig);
 
   alarm (timeout_interval);
   gettimeofday (&tv, NULL);
@@ -296,7 +296,10 @@ process_arguments (int argc, char **argv)
       dns_server = argv[c];
     }
     else {
-      dns_server = strdup ("127.0.0.1");
+      if (strcmp(query_transport,"-6") == 0)
+        dns_server = strdup("::1");
+      else
+        dns_server = strdup ("127.0.0.1");
     }
   }
 
diff --git a/plugins/check_disk.c b/plugins/check_disk.c
index 925dfa8..eb573f5 100644
--- a/plugins/check_disk.c
+++ b/plugins/check_disk.c
@@ -51,6 +51,9 @@ const char *email = "devel@monitoring-plugins.org";
 # include <limits.h>
 #endif
 #include "regex.h"
+#if HAVE_PTHREAD_H
+# include <pthread.h>
+#endif
 
 #ifdef __CYGWIN__
 # include <windows.h>
@@ -130,6 +133,7 @@ void print_help (void);
 void print_usage (void);
 double calculate_percent(uintmax_t, uintmax_t);
 void stat_path (struct parameter_list *p);
+void *do_stat_path (void *p);
 void get_stats (struct parameter_list *p, struct fs_usage *fsp);
 void get_path_stats (struct parameter_list *p, struct fs_usage *fsp);
 
@@ -171,6 +175,7 @@ main (int argc, char **argv)
   char *details;
   char *perf;
   char *preamble;
+  char *flag_header;
   double inode_space_pct;
   double warning_high_tide;
   double critical_high_tide;
@@ -353,18 +358,23 @@ main (int argc, char **argv)
       if (disk_result==STATE_OK && erronly && !verbose)
         continue;
 
-      xasprintf (&output, "%s %s %.0f %s (%.0f%%",
-                output,
+      if(disk_result && verbose >= 1) {
+        xasprintf(&flag_header, " %s [", state_text (disk_result));
+      } else {
+        xasprintf(&flag_header, "");
+      }
+      xasprintf (&output, "%s%s %s %.0f %s (%.0f%%",
+                output, flag_header,
                 (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir,
                 path->dfree_units,
                 units,
                 path->dfree_pct);
       if (path->dused_inodes_percent < 0) {
-        xasprintf(&output, "%s inode=-);", output);
+        xasprintf(&output, "%s inode=-)%s;", output, (disk_result ? "]" : ""));
       } else {
-        xasprintf(&output, "%s inode=%.0f%%);", output, path->dfree_inodes_percent );
+        xasprintf(&output, "%s inode=%.0f%%)%s;", output, path->dfree_inodes_percent, ((disk_result && verbose >= 1) ? "]" : ""));
       }
-
+      free(flag_header);
       /* TODO: Need to do a similar debug line
       xasprintf (&details, _("%s\n\
 %.0f of %.0f %s (%.0f%% inode=%.0f%%) free on %s (type %s mounted on %s) warn:%lu crit:%lu warn%%:%.0f%% crit%%:%.0f%%"),
@@ -962,6 +972,44 @@ print_usage (void)
 void
 stat_path (struct parameter_list *p)
 {
+#ifdef HAVE_PTHREAD_H
+  pthread_t stat_thread;
+  int statdone = 0;
+  int timer = timeout_interval;
+  struct timespec req, rem;
+
+  req.tv_sec = 0;
+  pthread_create(&stat_thread, NULL, do_stat_path, p);
+  while (timer-- > 0) {
+    req.tv_nsec = 10000000;
+    nanosleep(&req, &rem);
+    if (pthread_kill(stat_thread, 0)) {
+      statdone = 1;
+      break;
+    } else {
+      req.tv_nsec = 990000000;
+      nanosleep(&req, &rem);
+    }
+  }
+  if (statdone == 1) {
+    pthread_join(stat_thread, NULL);
+  } else {
+    pthread_detach(stat_thread);
+    if (verbose >= 3)
+      printf("stat did not return within %ds on %s\n", timeout_interval, p->name);
+    printf("DISK %s - ", _("CRITICAL"));
+    die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("hangs"), _("Timeout"));
+  }
+#else
+  do_stat_path(p);
+#endif
+}
+
+void *
+do_stat_path (void *in)
+{
+  struct parameter_list *p = in;
+
   /* Stat entry to check that dir exists and is accessible */
   if (verbose >= 3)
     printf("calling stat on %s\n", p->name);
@@ -971,6 +1019,7 @@ stat_path (struct parameter_list *p)
     printf("DISK %s - ", _("CRITICAL"));
     die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno));
   }
+  return NULL;
 }
 
 
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index 31a953d..2212122 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -136,6 +136,28 @@ main (int argc, char **argv)
       }
     }
 
+    /* bug ID: 2946553 - Older versions of bind will use all available dns 
+                         servers, we have to match the one specified */
+    if (strstr (chld_out.line[i], "Server:") && strlen(dns_server) > 0) {
+      temp_buffer = strchr (chld_out.line[i], ':');
+      temp_buffer++;
+
+      /* Strip leading tabs */
+      for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++)
+        /* NOOP */;
+
+      strip(temp_buffer);
+      if (temp_buffer==NULL || strlen(temp_buffer)==0) {
+        die (STATE_CRITICAL,
+             _("DNS CRITICAL - '%s' returned empty server string\n"),
+             NSLOOKUP_COMMAND);
+      }
+
+      if (strcmp(temp_buffer, dns_server) != 0) {
+        die (STATE_CRITICAL, _("DNS CRITICAL - No response from DNS %s\n"), dns_server);
+      }
+    }
+
     /* the server is responding, we just got the host name... */
     if (strstr (chld_out.line[i], "Name:"))
       parse_address = TRUE;
diff --git a/plugins/check_fping.c b/plugins/check_fping.c
index 46046b4..274dd75 100644
--- a/plugins/check_fping.c
+++ b/plugins/check_fping.c
@@ -105,7 +105,7 @@ main (int argc, char **argv)
     xasprintf(&option_string, "%s-I %s ", option_string, sourceif);
 
 #ifdef PATH_TO_FPING6
-  if (address_family == AF_INET6)
+  if (address_family != AF_INET && is_inet6_addr(server))
     fping_prog = strdup(PATH_TO_FPING6);
   else
     fping_prog = strdup(PATH_TO_FPING);
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 5167997..2437406 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -875,11 +875,35 @@ check_http (void)
   if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
   microsec_connect = deltime (tv_temp);
+
+    /* if we are called with the -I option, the -j method is CONNECT and */
+    /* we received -S for SSL, then we tunnel the request through a proxy*/
+    /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
+
+    if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+      && host_name != NULL && use_ssl == TRUE) {
+
+    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
+    asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
+    asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf);
+    asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+    /* we finished our request, send empty line with CRLF */
+    asprintf (&buf, "%s%s", buf, CRLF);
+    if (verbose) printf ("%s\n", buf);
+    send(sd, buf, strlen (buf), 0);
+    buf[0]='\0';
+
+    if (verbose) printf ("Receive response from proxy\n");
+    read (sd, buffer, MAX_INPUT_BUFFER-1);
+    if (verbose) printf ("%s", buffer);
+    /* Here we should check if we got HTTP/1.1 200 Connection established */
+  }
 #ifdef HAVE_SSL
   elapsed_time_connect = (double)microsec_connect / 1.0e6;
   if (use_ssl == TRUE) {
     gettimeofday (&tv_temp, NULL);
     result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
+    if (verbose) printf ("SSL initialized\n");
     if (result != STATE_OK)
       die (STATE_CRITICAL, NULL);
     microsec_ssl = deltime (tv_temp);
@@ -893,7 +917,11 @@ check_http (void)
   }
 #endif /* HAVE_SSL */
 
-  xasprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+  if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+       && host_name != NULL && use_ssl == TRUE)
+    asprintf (&buf, "%s %s %s\r\n%s\r\n", "GET", server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+  else
+    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
 
   /* tell HTTP/1.1 servers not to keep the connection alive */
   xasprintf (&buf, "%sConnection: close\r\n", buf);
@@ -906,7 +934,9 @@ check_http (void)
      * (default) port is explicitly specified in the "Host:" header line.
      */
     if ((use_ssl == FALSE && server_port == HTTP_PORT) ||
-        (use_ssl == TRUE && server_port == HTTPS_PORT))
+        (use_ssl == TRUE && server_port == HTTPS_PORT) ||
+        ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+         && host_name != NULL && use_ssl == TRUE))
       xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
     else
       xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port);
@@ -1496,7 +1526,7 @@ print_help (void)
   printf ("    %s\n", _("URL to GET or POST (default: /)"));
   printf (" %s\n", "-P, --post=STRING");
   printf ("    %s\n", _("URL encoded http POST data"));
-  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)");
+  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)");
   printf ("    %s\n", _("Set HTTP method."));
   printf (" %s\n", "-N, --no-body");
   printf ("    %s\n", _("Don't wait for document body: stop reading after headers."));
@@ -1570,7 +1600,7 @@ print_help (void)
   printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
   printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
   printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
-  printf (" %s\n", _("the certificate is expired."));
+  printf (" %s\n\n", _("the certificate is expired."));
   printf ("\n");
   printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14");
   printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
@@ -1578,6 +1608,13 @@ print_help (void)
   printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
   printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
 
+  printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
+  printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
+  printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
+  printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
+  printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
+  printf (" %s\n", _("a STATE_CRITICAL will be returned."));
+
 #endif
 
   printf (UT_SUPPORT);
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index c371be9..cfc8222 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -1,29 +1,29 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_ldap plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2000-2008 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_ldap plugin
-* 
-* 
+*
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
-* 
+*
+*
 *****************************************************************************/
 
 /* progname may be check_ldaps */
@@ -67,7 +67,10 @@ int ld_protocol = DEFAULT_PROTOCOL;
 #endif
 double warn_time = UNDEFINED;
 double crit_time = UNDEFINED;
+thresholds *entries_thresholds = NULL;
 struct timeval tv;
+char* warn_entries = NULL;
+char* crit_entries = NULL;
 int starttls = FALSE;
 int ssl_on_connect = FALSE;
 int verbose = 0;
@@ -94,6 +97,12 @@ main (int argc, char *argv[])
         int tls;
         int version=3;
 
+        /* for entry counting */
+
+        LDAPMessage *next_entry;
+        int status_entries = STATE_OK;
+        int num_entries = 0;
+
         setlocale (LC_ALL, "");
         bindtextdomain (PACKAGE, LOCALEDIR);
         textdomain (PACKAGE);
@@ -197,12 +206,14 @@ main (int argc, char *argv[])
         }
 
         /* do a search of all objectclasses in the base dn */
-        if (ldap_search_s (ld, ld_base, LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
+        if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
                         != LDAP_SUCCESS) {
                 if (verbose)
                         ldap_perror(ld, "ldap_search");
                 printf (_("Could not search/find objectclasses in %s\n"), ld_base);
                 return STATE_CRITICAL;
+        } else if (crit_entries!=NULL || warn_entries!=NULL) {
+                num_entries = ldap_count_entries(ld, result);
         }
 
         /* unbind from the ldap server */
@@ -223,14 +234,42 @@ main (int argc, char *argv[])
         else
                 status = STATE_OK;
 
+        if(entries_thresholds != NULL) {
+                if (verbose) {
+                        printf ("entries found: %d\n", num_entries);
+                        print_thresholds("entry threasholds", entries_thresholds);
+                }
+                status_entries = get_status(num_entries, entries_thresholds);
+                if (status_entries == STATE_CRITICAL) {
+                        status = STATE_CRITICAL;
+                } else if (status != STATE_CRITICAL) {
+                        status = status_entries;
+                }
+        }
+
         /* print out the result */
-        printf (_("LDAP %s - %.3f seconds response time|%s\n"),
-                state_text (status),
-                elapsed_time,
-                fperfdata ("time", elapsed_time, "s",
-                          (int)warn_time, warn_time,
-                          (int)crit_time, crit_time,
-                          TRUE, 0, FALSE, 0));
+        if (crit_entries!=NULL || warn_entries!=NULL) {
+                printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"),
+                        state_text (status),
+                        num_entries,
+                        elapsed_time,
+                        fperfdata ("time", elapsed_time, "s",
+                                (int)warn_time, warn_time,
+                                (int)crit_time, crit_time,
+                                TRUE, 0, FALSE, 0),
+                        sperfdata ("entries", (double)num_entries, "",
+                                warn_entries,
+                                crit_entries,
+                                TRUE, 0.0, FALSE, 0.0));
+        } else {
+                printf (_("LDAP %s - %.3f seconds response time|%s\n"),
+                        state_text (status),
+                        elapsed_time,
+                        fperfdata ("time", elapsed_time, "s",
+                                (int)warn_time, warn_time,
+                                (int)crit_time, crit_time,
+                                TRUE, 0, FALSE, 0));
+        }
 
         return status;
 }
@@ -263,6 +302,8 @@ process_arguments (int argc, char **argv)
                 {"port", required_argument, 0, 'p'},
                 {"warn", required_argument, 0, 'w'},
                 {"crit", required_argument, 0, 'c'},
+                {"warn-entries", required_argument, 0, 'W'},
+                {"crit-entries", required_argument, 0, 'C'},
                 {"verbose", no_argument, 0, 'v'},
                 {0, 0, 0, 0}
         };
@@ -276,7 +317,7 @@ process_arguments (int argc, char **argv)
         }
 
         while (1) {
-                c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option);
+                c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option);
 
                 if (c == -1 || c == EOF)
                         break;
@@ -318,6 +359,12 @@ process_arguments (int argc, char **argv)
                 case 'c':
                         crit_time = strtod (optarg, NULL);
                         break;
+                case 'W':
+                        warn_entries = optarg;
+                        break;
+                case 'C':
+                        crit_entries = optarg;
+                        break;
 #ifdef HAVE_LDAP_SET_OPTION
                 case '2':
                         ld_protocol = 2;
@@ -381,6 +428,10 @@ validate_arguments ()
         if (ld_base==NULL)
                 usage4 (_("Please specify the LDAP base\n"));
 
+        if (crit_entries!=NULL || warn_entries!=NULL) {
+                set_thresholds(&entries_thresholds,
+                        warn_entries, crit_entries);
+        }
         return OK;
 }
 
@@ -430,6 +481,11 @@ print_help (void)
 
         printf (UT_WARN_CRIT);
 
+  printf (" %s\n", "-W [--warn-entries]");
+  printf ("    %s\n", _("Number of found entries to result in warning status"));
+  printf (" %s\n", "-W [--crit-entries]");
+  printf ("    %s\n", _("Number of found entries to result in critical status"));
+
         printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
 
         printf (UT_VERBOSE);
@@ -441,6 +497,7 @@ print_help (void)
         printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called."));
         printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags"));
         printf (" %s\n", _("to define the behaviour explicitly instead."));
+        printf (" %s\n", _("The parameters --warn-entries and --crit-entries are optional."));
 
         printf (UT_SUPPORT);
 }
diff --git a/plugins/check_mrtgtraf.c b/plugins/check_mrtgtraf.c
index 32ba050..3b038cf 100644
--- a/plugins/check_mrtgtraf.c
+++ b/plugins/check_mrtgtraf.c
@@ -148,37 +148,37 @@ main (int argc, char **argv)
 
         /* report incoming traffic in Bytes/sec */
         if (incoming_rate < 1024) {
-                strcpy (incoming_speed_rating, "B/s");
+                strcpy (incoming_speed_rating, "B");
                 adjusted_incoming_rate = (double) incoming_rate;
         }
 
         /* report incoming traffic in KBytes/sec */
         else if (incoming_rate < (1024 * 1024)) {
-                strcpy (incoming_speed_rating, "KB/s");
+                strcpy (incoming_speed_rating, "KB");
                 adjusted_incoming_rate = (double) (incoming_rate / 1024.0);
         }
 
         /* report incoming traffic in MBytes/sec */
         else {
-                strcpy (incoming_speed_rating, "MB/s");
+                strcpy (incoming_speed_rating, "MB");
                 adjusted_incoming_rate = (double) (incoming_rate / 1024.0 / 1024.0);
         }
 
         /* report outgoing traffic in Bytes/sec */
         if (outgoing_rate < 1024) {
-                strcpy (outgoing_speed_rating, "B/s");
+                strcpy (outgoing_speed_rating, "B");
                 adjusted_outgoing_rate = (double) outgoing_rate;
         }
 
         /* report outgoing traffic in KBytes/sec */
         else if (outgoing_rate < (1024 * 1024)) {
-                strcpy (outgoing_speed_rating, "KB/s");
+                strcpy (outgoing_speed_rating, "KB");
                 adjusted_outgoing_rate = (double) (outgoing_rate / 1024.0);
         }
 
         /* report outgoing traffic in MBytes/sec */
         else {
-                strcpy (outgoing_speed_rating, "MB/s");
+                strcpy (outgoing_speed_rating, "MB");
                 adjusted_outgoing_rate = (double) (outgoing_rate / 1024.0 / 1024.0);
         }
 
@@ -191,7 +191,7 @@ main (int argc, char **argv)
                 result = STATE_WARNING;
         }
 
-        xasprintf (&error_message, _("%s. In = %0.1f %s, %s. Out = %0.1f %s|%s %s\n"),
+        xasprintf (&error_message, _("%s. In = %0.1f %s/s, %s. Out = %0.1f %s/s|%s %s\n"),
                   (use_average == TRUE) ? _("Avg") : _("Max"), adjusted_incoming_rate,
                   incoming_speed_rating, (use_average == TRUE) ? _("Avg") : _("Max"),
                   adjusted_outgoing_rate, outgoing_speed_rating,
diff --git a/plugins/check_nt.c b/plugins/check_nt.c
index fefbfb7..f621b0a 100644
--- a/plugins/check_nt.c
+++ b/plugins/check_nt.c
@@ -197,19 +197,40 @@ int main(int argc, char **argv){
 
         case CHECK_UPTIME:
 
-                xasprintf(&send_buffer, "%s&3", req_password);
-                fetch_data (server_address, server_port, send_buffer);
-                uptime=strtoul(recv_buffer,NULL,10);
-                updays = uptime / 86400;
-                uphours = (uptime % 86400) / 3600;
-                upminutes = ((uptime % 86400) % 3600) / 60;
-                xasprintf(&output_message,_("System Uptime - %u day(s) %u hour(s) %u minute(s)|uptime=%lu"), updays, uphours, upminutes, uptime);
-                if (check_critical_value==TRUE && uptime <= critical_value)
-                        return_code=STATE_CRITICAL;
-                else if (check_warning_value==TRUE && uptime <= warning_value)
-                        return_code=STATE_WARNING;
-                else
-                        return_code=STATE_OK;
+                if (value_list == NULL) {
+                        value_list = "minutes";
+                }
+                if (strncmp(value_list, "seconds", strlen("seconds") + 1 ) &&
+                        strncmp(value_list, "minutes", strlen("minutes") + 1) &&
+                        strncmp(value_list, "hours", strlen("hours") + 1) &&
+                        strncmp(value_list, "days", strlen("days") + 1)) {
+
+                        output_message = strdup (_("wrong -l argument"));
+                } else {
+                        xasprintf(&send_buffer, "%s&3", req_password);
+                        fetch_data (server_address, server_port, send_buffer);
+                        uptime=strtoul(recv_buffer,NULL,10);
+                        updays = uptime / 86400;
+                        uphours = (uptime % 86400) / 3600;
+                        upminutes = ((uptime % 86400) % 3600) / 60;
+
+                        if (!strncmp(value_list, "minutes", strlen("minutes")))
+                                uptime = uptime / 60;
+                        else if (!strncmp(value_list, "hours", strlen("hours")))
+                                uptime = uptime / 3600;
+                        else if (!strncmp(value_list, "days", strlen("days")))
+                                uptime = uptime / 86400;
+                        /* else uptime in seconds, nothing to do */
+
+                        xasprintf(&output_message,_("System Uptime - %u day(s) %u hour(s) %u minute(s) |uptime=%lu"),updays, uphours, upminutes, uptime);
+
+                        if (check_critical_value==TRUE && uptime <= critical_value)
+                                return_code=STATE_CRITICAL;
+                        else if (check_warning_value==TRUE && uptime <= warning_value)
+                                return_code=STATE_WARNING;
+                        else
+                                return_code=STATE_OK;
+                }
                 break;
 
         case CHECK_USEDDISKSPACE:
@@ -713,7 +734,9 @@ void print_help(void)
         printf ("  %s\n", "ie: -l 60,90,95,120,90,95");
         printf (" %s\n", "UPTIME =");
         printf ("  %s\n", _("Get the uptime of the machine."));
-        printf ("  %s\n", _("No specific parameters. No warning or critical threshold"));
+        printf ("  %s\n", _("-l <unit> "));
+        printf ("  %s\n", _("<unit> = seconds, minutes, hours, or days. (default: minutes)"));
+        printf ("  %s\n", _("Thresholds will use the unit specified above."));
         printf (" %s\n", "USEDDISKSPACE =");
         printf ("  %s\n", _("Size and percentage of disk use."));
         printf ("  %s\n", _("Request a -l parameter containing the drive letter only."));
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index 09a923e..a7d278d 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -517,14 +517,13 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
 double jitter_request(const char *host, int *status){
         int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0;
         int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0;
-        int peers_size=0, peer_offset=0, bytes_read=0;
+        int peers_size=0, peer_offset=0;
         ntp_assoc_status_pair *peers=NULL;
         ntp_control_message req;
         const char *getvar = "jitter";
         double rval = 0.0, jitter = -1.0;
         char *startofvalue=NULL, *nptr=NULL;
         void *tmp;
-        int ntp_cm_ints = sizeof(uint16_t) * 5 + sizeof(uint8_t) * 2;
 
         /* Long-winded explanation:
          * Getting the jitter requires a number of steps:
@@ -591,6 +590,9 @@ double jitter_request(const char *host, int *status){
                 for (i = 0; i < npeers; i++){
                         /* Only query this server if it is the current sync source */
                         if (PEER_SEL(peers[i].status) >= min_peer_sel){
+                                char jitter_data[MAX_CM_SIZE+1];
+                                size_t jitter_data_count;
+
                                 num_selected++;
                                 setup_control_request(&req, OP_READVAR, 2);
                                 req.assoc = peers[i].assoc;
@@ -609,15 +611,7 @@ double jitter_request(const char *host, int *status){
 
                                 req.count = htons(MAX_CM_SIZE);
                                 DBG(printf("recieving READVAR response...\n"));
-
-                                /* cov-66524 - req.data not null terminated before usage. Also covers verifying struct was returned correctly*/
-                                if ((bytes_read = read(conn, &req, SIZEOF_NTPCM(req))) == -1)
-                                        die(STATE_UNKNOWN, _("Cannot read from socket: %s"), strerror(errno));
-                                if (bytes_read != ntp_cm_ints + req.count)
-                                        die(STATE_UNKNOWN, _("Invalid NTP response: %d bytes read does not equal %d plus %d data segment"), bytes_read, ntp_cm_ints, req.count); 
-                                /* else null terminate */
-                                strncpy(req.data[req.count], "\0", 1);
-
+                                read(conn, &req, SIZEOF_NTPCM(req));
                                 DBG(print_ntp_control_message(&req));
 
                                 if(req.op&REM_ERROR && strstr(getvar, "jitter")) {
@@ -632,7 +626,14 @@ double jitter_request(const char *host, int *status){
                                 if(verbose) {
                                         printf("parsing jitter from peer %.2x: ", ntohs(peers[i].assoc));
                                 }
-                                startofvalue = strchr(req.data, '=');
+                                if((jitter_data_count = ntohs(req.count)) >= sizeof(jitter_data)){
+                                        die(STATE_UNKNOWN,
+                                            _("jitter response too large (%lu bytes)\n"),
+                                            (unsigned long)jitter_data_count);
+                                }
+                                memcpy(jitter_data, req.data, jitter_data_count);
+                                jitter_data[jitter_data_count] = '\0';
+                                startofvalue = strchr(jitter_data, '=');
                                 if(startofvalue != NULL) {
                                         startofvalue++;
                                         jitter = strtod(startofvalue, &nptr);
diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c
index d3ae599..44424af 100644
--- a/plugins/check_ntp_peer.c
+++ b/plugins/check_ntp_peer.c
@@ -599,17 +599,20 @@ int main(int argc, char *argv[]){
         }
         oresult = result;
         
-        if(do_truechimers)
+        if(do_truechimers) {
                 tresult = get_status(num_truechimers, truechimer_thresholds);
                 result = max_state_alt(result, tresult);
+        }
 
-        if(do_stratum)
+        if(do_stratum) {
                 sresult = get_status(stratum, stratum_thresholds);
                 result = max_state_alt(result, sresult);
+        }
 
-        if(do_jitter)
+        if(do_jitter) {
                 jresult = get_status(jitter, jitter_thresholds);
                 result = max_state_alt(result, jresult);
+        }
 
         switch (result) {
                 case STATE_CRITICAL :
diff --git a/plugins/check_real.c b/plugins/check_real.c
index 36f6413..00bd4d2 100644
--- a/plugins/check_real.c
+++ b/plugins/check_real.c
@@ -163,22 +163,22 @@ main (int argc, char **argv)
 
                 /* Part I - Server Check */
 
-                /* send the OPTIONS request */
-                sprintf (buffer, "DESCRIBE rtsp://%s:%d%s RTSP/1.0\n", host_name,
+                /* send the DESCRIBE request */
+                sprintf (buffer, "DESCRIBE rtsp://%s:%d%s RTSP/1.0\r\n", host_name,
                                                  server_port, server_url);
                 result = send (sd, buffer, strlen (buffer), 0);
 
                 /* send the header sync */
-                sprintf (buffer, "CSeq: 2\n");
+                sprintf (buffer, "CSeq: 2\r\n");
                 result = send (sd, buffer, strlen (buffer), 0);
 
                 /* send a newline so the server knows we're done with the request */
-                sprintf (buffer, "\n");
+                sprintf (buffer, "\r\n");
                 result = send (sd, buffer, strlen (buffer), 0);
 
                 /* watch for the REAL connection string */
                 result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
-                buffer[result] = "\0"; /* null terminate recieved buffer */
+                buffer[result] = '\0'; /* null terminate recieved buffer */
 
                 /* return a CRITICAL status if we couldn't read any data */
                 if (result == -1) {
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 2c62a23..62e6b8b 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -104,6 +104,8 @@ int errcode, excode;
 
 char *server_address = NULL;
 char *community = NULL;
+char **contextargs = NULL;
+char *context = NULL;
 char **authpriv = NULL;
 char *proto = NULL;
 char *seclevel = NULL;
@@ -128,6 +130,7 @@ size_t nunits = 0;
 size_t unitv_size = OID_COUNT_STEP;
 int numoids = 0;
 int numauthpriv = 0;
+int numcontext = 0;
 int verbose = 0;
 int usesnmpgetnext = FALSE;
 char *warning_thresholds = NULL;
@@ -297,8 +300,8 @@ main (int argc, char **argv)
                 snmpcmd = strdup (PATH_TO_SNMPGET);
         }
 
-        /* 10 arguments to pass before authpriv options + 1 for host and numoids. Add one for terminating NULL */
-        command_line = calloc (10 + numauthpriv + 1 + numoids + 1, sizeof (char *));
+        /* 10 arguments to pass before context and authpriv options + 1 for host and numoids. Add one for terminating NULL */
+        command_line = calloc (10 + numcontext + numauthpriv + 1 + numoids + 1, sizeof (char *));
         command_line[0] = snmpcmd;
         command_line[1] = strdup ("-Le");
         command_line[2] = strdup ("-t");
@@ -310,23 +313,27 @@ main (int argc, char **argv)
         command_line[8] = "-v";
         command_line[9] = strdup (proto);
 
+        for (i = 0; i < numcontext; i++) {
+                command_line[10 + i] = contextargs[i];
+        }
+        
         for (i = 0; i < numauthpriv; i++) {
-                command_line[10 + i] = authpriv[i];
+                command_line[10 + numcontext + i] = authpriv[i];
         }
 
-        xasprintf (&command_line[10 + numauthpriv], "%s:%s", server_address, port);
+        xasprintf (&command_line[10 + numcontext + numauthpriv], "%s:%s", server_address, port);
 
         /* This is just for display purposes, so it can remain a string */
-        xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s %s %s:%s",
-                snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto, "[authpriv]",
+        xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s %s %s %s:%s",
+                snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto, "[context]", "[authpriv]",
                 server_address, port);
 
         for (i = 0; i < numoids; i++) {
-                command_line[10 + numauthpriv + 1 + i] = oids[i];
+                command_line[10 + numcontext + numauthpriv + 1 + i] = oids[i];
                 xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]);   
         }
 
-        command_line[10 + numauthpriv + 1 + numoids] = NULL;
+        command_line[10 + numcontext + numauthpriv + 1 + numoids] = NULL;
 
         if (verbose)
                 printf ("%s\n", cl_hidden_auth);
@@ -411,6 +418,9 @@ main (int argc, char **argv)
                 else if (strstr (response, "INTEGER: ")) {
                         show = strstr (response, "INTEGER: ") + 9;
                 }
+                else if (strstr (response, "OID: ")) {
+                        show = strstr (response, "OID: ") + 5;
+                }
                 else if (strstr (response, "STRING: ")) {
                         show = strstr (response, "STRING: ") + 8;
                         conv = "%.10g";
@@ -567,6 +577,18 @@ main (int argc, char **argv)
                         len = sizeof(perfstr)-strlen(perfstr)-1;
                         strncat(perfstr, show, len>ptr-show ? ptr-show : len);
 
+                        if (warning_thresholds) {
+                                strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
+                                strncat(perfstr, warning_thresholds, sizeof(perfstr)-strlen(perfstr)-1);
+                        }
+
+                        if (critical_thresholds) {
+                                if (!warning_thresholds)
+                                        strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
+                                strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
+                                strncat(perfstr, critical_thresholds, sizeof(perfstr)-strlen(perfstr)-1);
+                        }
+
                         if (type)
                                 strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
                         strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
@@ -646,6 +668,7 @@ process_arguments (int argc, char **argv)
                 {"retries", required_argument, 0, 'e'},
                 {"miblist", required_argument, 0, 'm'},
                 {"protocol", required_argument, 0, 'P'},
+                {"context", required_argument, 0, 'N'},
                 {"seclevel", required_argument, 0, 'L'},
                 {"secname", required_argument, 0, 'U'},
                 {"authproto", required_argument, 0, 'a'},
@@ -675,7 +698,7 @@ process_arguments (int argc, char **argv)
         }
 
         while (1) {
-                c = getopt_long (argc, argv, "nhvVOt:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:L:U:a:x:A:X:",
+                c = getopt_long (argc, argv, "nhvVOt:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:",
                                                                          longopts, &option);
 
                 if (c == -1 || c == EOF)
@@ -713,6 +736,9 @@ process_arguments (int argc, char **argv)
                 case 'P':       /* SNMP protocol version */
                         proto = optarg;
                         break;
+                case 'N':       /* SNMPv3 context */
+                        context = optarg;
+                        break;
                 case 'L':       /* security level */
                         seclevel = optarg;
                         break;
@@ -960,6 +986,13 @@ validate_arguments ()
                 authpriv[1] = strdup (community);
         }
         else if ( strcmp (proto, "3") == 0 ) {          /* snmpv3 args */
+                if (!(context == NULL)) {
+                        numcontext = 2;
+                        contextargs = calloc (numcontext, sizeof (char *));
+                        contextargs[0] = strdup ("-n");
+                        contextargs[1] = strdup (context);
+                }
+                
                 if (seclevel == NULL)
                         xasprintf(&seclevel, "noAuthNoPriv");
 
@@ -1103,6 +1136,8 @@ print_help (void)
         printf ("    %s\n", _("Use SNMP GETNEXT instead of SNMP GET"));
         printf (" %s\n", "-P, --protocol=[1|2c|3]");
         printf ("    %s\n", _("SNMP protocol version"));
+        printf (" %s\n", "-N, --context=CONTEXT");
+        printf ("    %s\n", _("SNMPv3 context"));
         printf (" %s\n", "-L, --seclevel=[noAuthNoPriv|authNoPriv|authPriv]");
         printf ("    %s\n", _("SNMPv3 securityLevel"));
         printf (" %s\n", "-a, --authproto=[MD5|SHA]");
@@ -1210,6 +1245,6 @@ print_usage (void)
         printf ("%s -H <ip_address> -o <OID> [-w warn_range] [-c crit_range]\n",progname);
         printf ("[-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries]\n");
         printf ("[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]\n");
-        printf ("[-m miblist] [-P snmp version] [-L seclevel] [-U secname] [-a authproto]\n");
-        printf ("[-A authpasswd] [-x privproto] [-X privpasswd]\n");
+        printf ("[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]\n");
+        printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd]\n");
 }
diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c
index b6187d6..3658965 100644
--- a/plugins/check_ssh.c
+++ b/plugins/check_ssh.c
@@ -253,18 +253,18 @@ ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol
 
                 if (remote_version && strcmp(remote_version, ssh_server)) {
                         printf
-                                (_("SSH WARNING - %s (protocol %s) version mismatch, expected '%s'\n"),
+                                (_("SSH CRITICAL - %s (protocol %s) version mismatch, expected '%s'\n"),
                                  ssh_server, ssh_proto, remote_version);
                         close(sd);
-                        exit (STATE_WARNING);
+                        exit (STATE_CRITICAL);
                 }
 
                 if (remote_protocol && strcmp(remote_protocol, ssh_proto)) {
                         printf
-                                (_("SSH WARNING - %s (protocol %s) protocol version mismatch, expected '%s'\n"),
+                                (_("SSH CRITICAL - %s (protocol %s) protocol version mismatch, expected '%s'\n"),
                                  ssh_server, ssh_proto, remote_protocol);
                         close(sd);
-                        exit (STATE_WARNING);
+                        exit (STATE_CRITICAL);
                 }
 
                 elapsed_time = (double)deltime(tv) / 1.0e6;
@@ -307,10 +307,10 @@ print_help (void)
         printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
 
         printf (" %s\n", "-r, --remote-version=STRING");
-  printf ("    %s\n", _("Warn if string doesn't match expected server version (ex: OpenSSH_3.9p1)"));
+  printf ("    %s\n", _("Alert if string doesn't match expected server version (ex: OpenSSH_3.9p1)"));
 
         printf (" %s\n", "-P, --remote-protocol=STRING");
-  printf ("    %s\n", _("Warn if protocol doesn't match expected protocol version (ex: 2.0)"));
+  printf ("    %s\n", _("Alert if protocol doesn't match expected protocol version (ex: 2.0)"));
 
         printf (UT_VERBOSE);
 
diff --git a/plugins/check_swap.c b/plugins/check_swap.c
index 88a2a2a..25e0bac 100644
--- a/plugins/check_swap.c
+++ b/plugins/check_swap.c
@@ -1,6 +1,6 @@
 /*****************************************************************************
 * 
-* Monitoring check_disk plugin
+* Monitoring check_swap plugin
 * 
 * License: GPL
 * Copyright (c) 2000 Karl DeBisschop (kdebisschop@users.sourceforge.net)
@@ -352,6 +352,7 @@ main (int argc, char **argv)
                 percent_used = 100 * ((double) used_swap_mb) / ((double) total_swap_mb);
         } else {
                 percent_used = 100;
+                status = "- Swap is either disabled, not present, or of zero size. ";
         }
 
         result = max_state (result, check_swap (percent_used, free_swap_mb));
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index f75c523..5c563d8 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -172,7 +172,7 @@ main (int argc, char **argv)
         }
         else if (!strncmp(SERVICE, "JABBER", 6)) {
                 SEND = "<stream:stream to=\'host\' xmlns=\'jabber:client\' xmlns:stream=\'http://etherx.jabber.org/streams\'>\n";
-                EXPECT = "<?xml version=\'1.0\'?><stream:stream xmlns=\'jabber:client\' xmlns:stream=\'http://etherx.jabber.org/streams\'";
+                EXPECT = "<?xml version=\'1.0\'";
                 QUIT = "</stream:stream>\n";
                 flags |= FLAG_HIDE_OUTPUT;
                 PORT = 5222;
@@ -577,7 +577,8 @@ process_arguments (int argc, char **argv)
                         if ((temp=strchr(optarg,','))!=NULL) {
                             *temp='\0';
                             if (!is_intnonneg (optarg))
-                               usage2 (_("Invalid certificate expiration period"), optarg);                              days_till_exp_warn = atoi(optarg);
+                               usage2 (_("Invalid certificate expiration period"), optarg);
+                            days_till_exp_warn = atoi (optarg);
                             *temp=',';
                             temp++;
                             if (!is_intnonneg (temp))
@@ -643,7 +644,7 @@ print_help (void)
         printf (UT_IPv46);
 
         printf (" %s\n", "-E, --escape");
-  printf ("    %s\n", _("Can use \\n, \\r, \\t or \\ in send or quit string. Must come before send or quit option"));
+  printf ("    %s\n", _("Can use \\n, \\r, \\t or \\\\ in send or quit string. Must come before send or quit option"));
   printf ("    %s\n", _("Default: nothing added to send, \\r\\n added to end of quit"));
   printf (" %s\n", "-s, --send=STRING");
   printf ("    %s\n", _("String to send to the server"));
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index d0ae474..c9882c6 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -144,7 +144,9 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
 #  ifdef USE_OPENSSL
         X509 *certificate=NULL;
         X509_NAME *subj=NULL;
+        char timestamp[50] = "";
         char cn[MAX_CN_LENGTH]= "";
+        
         int cnlen =-1;
         int status=STATE_UNKNOWN;
 
@@ -153,7 +155,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
         struct tm stamp;
         float time_left;
         int days_left;
-        char timestamp[50] = "";
+        int time_remaining;
         time_t tm_t;
 
         certificate=SSL_get_peer_certificate(s);
@@ -207,7 +209,8 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
                 (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
         stamp.tm_min =
                 (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
-        stamp.tm_sec = 0;
+        stamp.tm_sec =
+                (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0');
         stamp.tm_isdst = -1;
 
         time_left = difftime(timegm(&stamp), time(NULL));
@@ -218,21 +221,35 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
         if (days_left > 0 && days_left <= days_till_exp_warn) {
                 printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp);
                 if (days_left > days_till_exp_crit)
-                        return STATE_WARNING;
+                        status = STATE_WARNING;
                 else
-                        return STATE_CRITICAL;
+                        status = STATE_CRITICAL;
+        } else if (days_left == 0 && time_left > 0) {
+                if (time_left >= 3600)
+                        time_remaining = (int) time_left / 3600;
+                else
+                        time_remaining = (int) time_left / 60;
+
+                printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"),
+                        (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, time_remaining,
+                        time_left >= 3600 ? "hours" : "minutes", timestamp);
+
+                if ( days_left > days_till_exp_crit)
+                        status = STATE_WARNING;
+                else
+                        status = STATE_CRITICAL;
         } else if (time_left < 0) {
                 printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp);
                 status=STATE_CRITICAL;
         } else if (days_left == 0) {
-                printf (_("%s - Certificate '%s' expires today (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp);
+                printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp);
                 if (days_left > days_till_exp_crit)
-                        return STATE_WARNING;
+                        status = STATE_WARNING;
                 else
-                        return STATE_CRITICAL;
+                        status = STATE_CRITICAL;
         } else {
                 printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);
-                status=STATE_OK;
+                status = STATE_OK;
         }
         X509_free(certificate);
         return status;
diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis
index 4ebfb90..fe8aabd 100644
--- a/plugins/t/NPTest.cache.travis
+++ b/plugins/t/NPTest.cache.travis
@@ -17,13 +17,15 @@
   'NP_HOST_HPJD_PORT_INVALID' => '161',
   'NP_HOST_HPJD_PORT_VALID' => '',
   'NP_HOST_TCP_HTTP' => 'localhost',
-  'NP_HOST_TCP_HTTP2' => 'labs.consol.de',
+  'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org',
   'NP_HOST_TCP_IMAP' => 'imap.web.de',
+  'NP_HOST_TCP_LDAP' => 'localhost',
   'NP_HOST_TCP_POP' => 'pop.web.de',
   'NP_HOST_TCP_SMTP' => 'localhost',
   'NP_HOST_TCP_SMTP_NOTLS' => '',
   'NP_HOST_TCP_SMTP_TLS' => '',
   'NP_INTERNET_ACCESS' => 'yes',
+  'NP_LDAP_BASE_DN' => 'cn=admin,dc=nodomain',
   'NP_MOUNTPOINT2_VALID' => '',
   'NP_MOUNTPOINT_VALID' => '/',
   'NP_MYSQL_SERVER' => 'localhost',
diff --git a/plugins/t/check_dns.t b/plugins/t/check_dns.t
index b885880..035e768 100644
--- a/plugins/t/check_dns.t
+++ b/plugins/t/check_dns.t
@@ -10,7 +10,7 @@ use NPTest;
 
 plan skip_all => "check_dns not compiled" unless (-x "check_dns");
 
-plan tests => 14;
+plan tests => 16;
 
 my $successOutput = '/DNS OK: [\.0-9]+ seconds? response time/';
 
@@ -43,6 +43,12 @@ my $dns_server       = getTestParameter(
                         "A non default (remote) DNS server",
                         );
 
+my $host_nonresponsive = getTestParameter(
+                        "NP_HOST_NONRESPONSIVE",
+                        "The hostname of system not responsive to network requests",
+                        "10.0.0.1",
+                        );
+
 my $res;
 
 $res = NPTest->testCmd("./check_dns -H $hostname_valid -t 5");
@@ -66,6 +72,10 @@ like  ( $res->output, $successOutput, "Output OK" );
 $res = NPTest->testCmd("./check_dns -H $hostname_invalid -s $dns_server -t 1");
 cmp_ok( $res->return_code, '==', 2, "Invalid $hostname_invalid on $dns_server");
 
+$res = NPTest->testCmd("./check_dns -H $hostname_valid -a $hostname_valid_ip -s $host_nonresponsive -t 2");
+cmp_ok( $res->return_code, '==', 2, "Got no answer from unresponsive server");
+like  ( $res->output, "/CRITICAL - /", "Output OK");
+
 $res = NPTest->testCmd("./check_dns -H $hostname_valid -a $hostname_valid_ip -t 5");
 cmp_ok( $res->return_code, '==', 0, "Got expected address");
 
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index 2539a28..c2caec6 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -6,9 +6,10 @@
 
 use strict;
 use Test::More;
+use POSIX qw/mktime strftime/;
 use NPTest;
 
-plan tests => 30;
+plan tests => 42;
 
 my $successOutput = '/OK.*HTTP.*second/';
 
@@ -34,6 +35,8 @@ my $host_tcp_http2  = getTestParameter( "NP_HOST_TCP_HTTP2",
             "A host providing an index page containing the string 'monitoring'",
             "test.monitoring-plugins.org" );
 
+my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
+
 
 $res = NPTest->testCmd(
         "./check_http $host_tcp_http -wt 300 -ct 600"
@@ -47,10 +50,10 @@ $res = NPTest->testCmd(
 like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
 
 $res = NPTest->testCmd(
-        "./check_http $host_nonresponsive -wt 1 -ct 2"
+        "./check_http $host_nonresponsive -wt 1 -ct 2 -t 3"
         );
 cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
-cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 10 seconds", "Output OK");
+cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK");
 
 $res = NPTest->testCmd(
         "./check_http $hostname_invalid -wt 1 -ct 2"
@@ -112,6 +115,40 @@ SKIP: {
         $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" );
         cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works");
 
+        # run some certificate checks with faketime
+        SKIP: {
+                skip "No faketime binary found", 12 if !$faketime;
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/OK - Certificate 'www.verisign.com' will expire on/, "Catch cert output");
+                is( $res->return_code, 0, "Catch cert output exit code" );
+                my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)\./);
+                if(!defined $year) {
+                    die("parsing date failed from: ".$res);
+                }
+                my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11};
+                my $ts   = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900);
+                my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts));
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' just expired/, "Output on expire date");
+                is( $res->return_code, 2, "Output on expire date" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 0 minutes/, "cert expires in 1 second output");
+                is( $res->return_code, 2, "cert expires in 1 second exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 minutes/, "cert expires in 2 minutes output");
+                is( $res->return_code, 2, "cert expires in 2 minutes exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 hours/, "cert expires in 2 hours output");
+                is( $res->return_code, 2, "cert expires in 2 hours exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expired on/, "Certificate expired output");
+                is( $res->return_code, 2, "Certificate expired exit code" );
+        };
+
         $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" );
         like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
         like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
diff --git a/plugins/t/check_ldap.t b/plugins/t/check_ldap.t
new file mode 100644
index 0000000..b8944d4
--- /dev/null
+++ b/plugins/t/check_ldap.t
@@ -0,0 +1,80 @@
+#!/usr/bin/env perl -I ..
+#
+# Lightweight Directory Access Protocol (LDAP) Test via check_ldap
+#
+#
+
+use strict;
+use warnings;
+use Test::More;
+use NPTest;
+
+my $host_tcp_ldap      = getTestParameter("NP_HOST_TCP_LDAP",
+                                          "A host providing the LDAP Service",
+                                          "localhost" );
+
+my $ldap_base_dn       = getTestParameter("NP_LDAP_BASE_DN",
+                                          "A base dn for the LDAP Service",
+                                          "cn=admin" );
+
+my $host_nonresponsive = getTestParameter("host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
+                                          "The hostname of system not responsive to network requests" );
+
+my $hostname_invalid   = getTestParameter("hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
+                                          "An invalid (not known to DNS) hostname" );
+
+my($result, $cmd);
+my $command = './check_ldap';
+
+plan tests => 16;
+
+SKIP: {
+    skip "NP_HOST_NONRESPONSIVE not set", 2 if ! $host_nonresponsive;
+
+    $result = NPTest->testCmd("$command -H $host_nonresponsive -b ou=blah -t 2 -w 1 -c 1");
+    is( $result->return_code, 2, "$command -H $host_nonresponsive -b ou=blah -t 5 -w 2 -c 3" );
+    is( $result->output, 'CRITICAL - Socket timeout after 2 seconds', "output ok" );
+};
+
+SKIP: {
+    skip "NP_HOSTNAME_INVALID not set", 2 if ! $hostname_invalid;
+
+    $result = NPTest->testCmd("$command -H $hostname_invalid -b ou=blah -t 5");
+    is( $result->return_code, 2, "$command -H $hostname_invalid -b ou=blah -t 5" );
+    is( $result->output, 'Could not bind to the LDAP server', "output ok" );
+};
+
+SKIP: {
+    skip "NP_HOST_TCP_LDAP not set", 12 if ! $host_tcp_ldap;
+    skip "NP_LDAP_BASE_DN not set",  12 if ! $ldap_base_dn;
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - \d+.\d+ seconds response time\|time=\d+\.\d+s;2\.0+;3\.0+;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000 -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000;10000001;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001:";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 2, $cmd );
+    like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001:;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 0 -C 0";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 2, $cmd );
+    like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;0;0;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 1, $cmd );
+    like( $result->output, '/^LDAP WARNING - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;;10000001;0\.0+$/', "output ok" );
+};
diff --git a/plugins/t/negate.t b/plugins/t/negate.t
index f18acc3..d96a109 100644
--- a/plugins/t/negate.t
+++ b/plugins/t/negate.t
@@ -6,6 +6,7 @@
 
 use strict;
 use Test::More;
+use Cwd;
 use NPTest;
 
 # 15 tests in the first part, 9 in timeout tests and 2 * 32 in the last loops
@@ -13,7 +14,7 @@ plan tests => 88;
 
 my $res;
 
-my $PWD = $ENV{PWD};
+my $PWD = getcwd();
 
 $res = NPTest->testCmd( "./negate" );
 is( $res->return_code, 3, "Not enough parameters");
@@ -50,7 +51,7 @@ is( $res->output, "OK: a dummy okay", "The quoted string is passed through to su
 $res = NPTest->testCmd( "./negate '$PWD/check_dummy 0' 'a dummy okay'" );
 is( $res->output, "No data returned from command", "Bad command, as expected (trying to execute './check_dummy 0')");
 
-$res = NPTest->testCmd( './negate $PWD/check_dummy 0 \'$$ a dummy okay\'' );
+$res = NPTest->testCmd( './negate '.$PWD.'/check_dummy 0 \'$$ a dummy okay\'' );
 is( $res->output, 'OK: $$ a dummy okay', 'Proves that $$ is not being expanded again' );
 
 my %state = (
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index d93a0ec..e72d243 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -186,21 +186,21 @@ SKIP: {
 
         $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
         is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
-        is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar  3 21:41:00 2019.', "output ok" );
+        is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar  3 21:41:28 2019.', "output ok" );
 
         $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
         is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
-        like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:00 2019\)./', "output ok" );
+        like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:28 2019\)./', "output ok" );
 
         # Expired cert tests
         $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
         is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
-        like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:00 2019\)./', "output ok" );
+        like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:28 2019\)./', "output ok" );
 
         $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
         is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
         is( $result->output,
-                'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar  5 00:13:00 2009.',
+                'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar  5 00:13:16 2009.',
                 "output ok" );
 
 }
diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t
index aace9bc..73a68b2 100755
--- a/plugins/tests/check_snmp.t
+++ b/plugins/tests/check_snmp.t
@@ -20,7 +20,16 @@ if ($@) {
         plan skip_all => "Missing required module for test: $@";
 } else {
         if (-x "./check_snmp") {
-                plan tests => $tests;
+        # check if snmpd has perl support
+        my $test = `snmpd -c tests/conf/snmpd.conf -C -r -H 2>&1`;
+        if(!defined $test) {
+                plan skip_all => "snmpd required";
+        }
+        elsif($test =~ m/Warning: Unknown token: perl/) {
+                plan skip_all => "snmpd has no perl support";
+        } else {
+                    plan tests => $tests;
+        }
         } else {
                 plan skip_all => "No check_snmp compiled";
         }
@@ -119,7 +128,7 @@ sleep 1;
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
 is($res->return_code, 1, "WARNING - due to going above rate calculation" );
-is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666 ");
+is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666;600 ");
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
 is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" );
@@ -200,7 +209,7 @@ is($res->output, 'SNMP OK - "stringtests" | ', "OK as inverted string no match"
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.12 -w 4:5" );
 is($res->return_code, 1, "Numeric in string test" );
-is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5 ', "WARNING threshold checks for string masquerading as number" );
+is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5;4:5 ', "WARNING threshold checks for string masquerading as number" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.13" );
 is($res->return_code, 0, "Not really numeric test" );
@@ -216,29 +225,29 @@ is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check w
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 0, "Negative integer check OK" );
-is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2 ', "Negative integer check OK output" );
+is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2;-2:;-3: ', "Negative integer check OK output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 1, "Negative integer check WARNING" );
-is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3 ', "Negative integer check WARNING output" );
+is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3;-2:;-3: ', "Negative integer check WARNING output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 2, "Negative integer check CRITICAL" );
-is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4 ', "Negative integer check CRITICAL output" );
+is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4;-2:;-3: ', "Negative integer check CRITICAL output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -3: -c -6:" );
 is($res->return_code, 1, "Negative integer as string, WARNING" );
-is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, WARNING output" );
+is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-3:;-6: ', "Negative integer as string, WARNING output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -2: -c -3:" );
 is($res->return_code, 2, "Negative integer as string, CRITICAL" );
-is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, CRITICAL output" );
+is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-2:;-3: ', "Negative integer as string, CRITICAL output" );
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c ~:-6.5" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c '~:-6.5'" );
 is($res->return_code, 0, "Negative float OK" );
-is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float OK output" );
+is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;~:-6.5 ', "Negative float OK output" );
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w ~:-6.65 -c ~:-6.55" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w '~:-6.65' -c '~:-6.55'" );
 is($res->return_code, 1, "Negative float WARNING" );
-is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float WARNING output" );
+is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;~:-6.65;~:-6.55 ', "Negative float WARNING output" );
 
diff --git a/plugins/utils.c b/plugins/utils.c
index 58b153d..a864e4a 100644
--- a/plugins/utils.c
+++ b/plugins/utils.c
@@ -144,8 +144,6 @@ usage5 (void)
 void
 print_revision (const char *command_name, const char *revision)
 {
-        char plugin_revision[STRLEN];
-
         printf ("%s v%s (%s %s)\n",
                  command_name, revision, PACKAGE, VERSION);
 }
@@ -630,3 +628,43 @@ char *fperfdata (const char *label,
 
         return data;
 }
+
+char *sperfdata (const char *label,
+ double val,
+ const char *uom,
+ char *warn,
+ char *crit,
+ int minp,
+ double minv,
+ int maxp,
+ double maxv)
+{
+        char *data = NULL;
+        if (strpbrk (label, "'= "))
+                xasprintf (&data, "'%s'=", label);
+        else
+                xasprintf (&data, "%s=", label);
+
+        xasprintf (&data, "%s%f", data, val);
+        xasprintf (&data, "%s%s;", data, uom);
+
+        if (warn!=NULL)
+                xasprintf (&data, "%s%s", data, warn);
+
+        xasprintf (&data, "%s;", data);
+
+        if (crit!=NULL)
+                xasprintf (&data, "%s%s", data, crit);
+
+        xasprintf (&data, "%s;", data);
+
+        if (minp)
+                xasprintf (&data, "%s%f", data, minv);
+
+        if (maxp) {
+                xasprintf (&data, "%s;", data);
+                xasprintf (&data, "%s%f", data, maxv);
+        }
+
+        return data;
+}