53 files changed, 667 insertions, 318 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 41906c53..0ddf9bd1 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -71,7 +71,7 @@ check_apt_LDADD = $(BASEOBJS)
 check_cluster_LDADD = $(BASEOBJS)
 check_dbi_LDADD = $(NETLIBS) $(DBILIBS)
 check_dig_LDADD = $(NETLIBS)
-check_disk_LDADD = $(BASEOBJS) $(THREADLIBS)
+check_disk_LDADD = $(BASEOBJS)
 check_dns_LDADD = $(NETLIBS)
 check_dummy_LDADD = $(BASEOBJS)
 check_fping_LDADD = $(NETLIBS)
diff --git a/plugins/check_apt.c b/plugins/check_apt.c
index 8747f904..a639a411 100644
--- a/plugins/check_apt.c
+++ b/plugins/check_apt.c
@@ -160,10 +160,10 @@ int process_arguments (int argc, char **argv) {
                switch(c) {
                case 'h':
                        print_help();
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                case 'V':
                        print_revision(progname, NP_VERSION);
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                case 'v':
                        verbose++;
                        break;
diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c
index a877f888..13d8bc3b 100644
--- a/plugins/check_by_ssh.c
+++ b/plugins/check_by_ssh.c
@@ -100,6 +100,13 @@ main (int argc, char **argv)
        result = cmd_run_array (commargv, &chld_out, &chld_err, 0);
+        if (verbose) {
+                for(i = 0; i < chld_out.lines; i++)
+                        printf("stdout: %s\n", chld_out.line[i]);
+                for(i = 0; i < chld_err.lines; i++)
+                        printf("stderr: %s\n", chld_err.line[i]);
+        }
        if (skip_stdout == -1) /* --skip-stdout specified without argument */
                skip_stdout = chld_out.lines;
        if (skip_stderr == -1) /* --skip-stderr specified without argument */
@@ -209,10 +216,10 @@ process_arguments (int argc, char **argv)
                switch (c) {
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'v':                                                                       /* help */
                        verbose = TRUE;
                        break;
diff --git a/plugins/check_cluster.c b/plugins/check_cluster.c
index cf699e1f..b86e501d 100644
--- a/plugins/check_cluster.c
+++ b/plugins/check_cluster.c
@@ -200,7 +200,7 @@ int process_arguments(int argc, char **argv){
                case 'V': /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                        break;
                case 'H': /* help */
diff --git a/plugins/check_dbi.c b/plugins/check_dbi.c
index a3d033f4..826eb8d9 100644
--- a/plugins/check_dbi.c
+++ b/plugins/check_dbi.c
@@ -368,10 +368,10 @@ process_arguments (int argc, char **argv)
                        usage5 ();
                case 'h':     /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'V':     /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'c':     /* critical range */
                        critical_range = optarg;
diff --git a/plugins/check_dig.c b/plugins/check_dig.c
index d899b119..473d4b97 100644
--- a/plugins/check_dig.c
+++ b/plugins/check_dig.c
@@ -125,7 +125,7 @@ main (int argc, char **argv)
        if (verbose)
          printf ("%s\n", chld_out.line[i]);
-        if (strstr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) {
+        if (strcasestr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) {
          msg = chld_out.line[i];
          result = STATE_OK;
@@ -223,10 +223,10 @@ process_arguments (int argc, char **argv)
    switch (c) {
    case 'h':                 /* help */
      print_help ();
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
    case 'V':                 /* version */
      print_revision (progname, NP_VERSION);
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
    case 'H':                 /* hostname */
      host_or_die(optarg);
      dns_server = optarg;
diff --git a/plugins/check_disk.c b/plugins/check_disk.c
index eb573f5f..e73a0083 100644
--- a/plugins/check_disk.c
+++ b/plugins/check_disk.c
@@ -51,9 +51,6 @@ const char *email = "devel@monitoring-plugins.org";
 # include <limits.h>
 #endif
 #include "regex.h"
-#if HAVE_PTHREAD_H
-# include <pthread.h>
-#endif
 #ifdef __CYGWIN__
 # include <windows.h>
@@ -61,9 +58,6 @@ const char *email = "devel@monitoring-plugins.org";
 # define ERROR -1
 #endif
-/* If nonzero, show inode information. */
-static int inode_format = 1;
 /* If nonzero, show even filesystems with zero size or
   uninteresting types. */
 static int show_all_fs = 1;
@@ -133,7 +127,6 @@ void print_help (void);
 void print_usage (void);
 double calculate_percent(uintmax_t, uintmax_t);
 void stat_path (struct parameter_list *p);
-void *do_stat_path (void *p);
 void get_stats (struct parameter_list *p, struct fs_usage *fsp);
 void get_path_stats (struct parameter_list *p, struct fs_usage *fsp);
@@ -182,7 +175,7 @@ main (int argc, char **argv)
  int temp_result;
  struct mount_entry *me;
-  struct fs_usage fsp, tmpfsp;
+  struct fs_usage fsp;
  struct parameter_list *temp_list, *path;
 #ifdef __CYGWIN__
@@ -427,9 +420,7 @@ process_arguments (int argc, char **argv)
  int c, err;
  struct parameter_list *se;
  struct parameter_list *temp_list = NULL, *previous = NULL;
-  struct parameter_list *temp_path_select_list = NULL;
+  struct mount_entry *me;
-  struct mount_entry *me, *temp_me;
-  int result = OK;
  regex_t re;
  int cflags = REG_NOSUB | REG_EXTENDED;
  int default_cflags = cflags;
@@ -766,10 +757,10 @@ process_arguments (int argc, char **argv)
      break;
    case 'V':                 /* version */
      print_revision (progname, NP_VERSION);
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
    case 'h':                 /* help */
      print_help ();
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
    case '?':                 /* help */
      usage (_("Unknown argument"));
    }
@@ -972,44 +963,6 @@ print_usage (void)
 void
 stat_path (struct parameter_list *p)
 {
-#ifdef HAVE_PTHREAD_H
-  pthread_t stat_thread;
-  int statdone = 0;
-  int timer = timeout_interval;
-  struct timespec req, rem;
-  req.tv_sec = 0;
-  pthread_create(&stat_thread, NULL, do_stat_path, p);
-  while (timer-- > 0) {
-    req.tv_nsec = 10000000;
-    nanosleep(&req, &rem);
-    if (pthread_kill(stat_thread, 0)) {
-      statdone = 1;
-      break;
-    } else {
-      req.tv_nsec = 990000000;
-      nanosleep(&req, &rem);
-    }
-  }
-  if (statdone == 1) {
-    pthread_join(stat_thread, NULL);
-  } else {
-    pthread_detach(stat_thread);
-    if (verbose >= 3)
-      printf("stat did not return within %ds on %s\n", timeout_interval, p->name);
-    printf("DISK %s - ", _("CRITICAL"));
-    die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("hangs"), _("Timeout"));
-  }
-#else
-  do_stat_path(p);
-#endif
-}
-void *
-do_stat_path (void *in)
-{
-  struct parameter_list *p = in;
  /* Stat entry to check that dir exists and is accessible */
  if (verbose >= 3)
    printf("calling stat on %s\n", p->name);
@@ -1019,7 +972,6 @@ do_stat_path (void *in)
    printf("DISK %s - ", _("CRITICAL"));
    die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno));
  }
-  return NULL;
 }
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index 22121226..54ce7d16 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -81,7 +81,6 @@ main (int argc, char **argv)
  double elapsed_time;
  long microsec;
  struct timeval tv;
-  int multi_address;
  int parse_address = FALSE; /* This flag scans for Address: but only after Name: */
  output chld_out, chld_err;
  size_t i;
@@ -127,7 +126,7 @@ main (int argc, char **argv)
    if (verbose)
      puts(chld_out.line[i]);
-    if (strstr (chld_out.line[i], ".in-addr.arpa")) {
+    if (strcasestr (chld_out.line[i], ".in-addr.arpa")) {
      if ((temp_buffer = strstr (chld_out.line[i], "name = ")))
        addresses[n_addresses++] = strdup (temp_buffer + 7);
      else {
@@ -249,11 +248,6 @@ main (int argc, char **argv)
  elapsed_time = (double)microsec / 1.0e6;
  if (result == STATE_OK) {
-    if (strchr (address, ',') == NULL)
-      multi_address = FALSE;
-    else
-      multi_address = TRUE;
    result = get_status(elapsed_time, time_thresholds);
    if (result == STATE_OK) {
      printf ("DNS %s: ", _("OK"));
@@ -395,10 +389,10 @@ process_arguments (int argc, char **argv)
    switch (c) {
    case 'h': /* help */
      print_help ();
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
    case 'V': /* version */
      print_revision (progname, NP_VERSION);
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
    case 'v': /* version */
      verbose = TRUE;
      break;
diff --git a/plugins/check_dummy.c b/plugins/check_dummy.c
index 3ed68717..212a1344 100644
--- a/plugins/check_dummy.c
+++ b/plugins/check_dummy.c
@@ -52,11 +52,11 @@ main (int argc, char **argv)
    usage4 (_("Could not parse arguments"));
  else if (strcmp (argv[1], "-V") == 0 || strcmp (argv[1], "--version") == 0) {
    print_revision (progname, NP_VERSION);
-    exit (STATE_OK);
+    exit (STATE_UNKNOWN);
  }
  else if (strcmp (argv[1], "-h") == 0 || strcmp (argv[1], "--help") == 0) {
    print_help ();
-    exit (STATE_OK);
+    exit (STATE_UNKNOWN);
  }
  else if (!is_integer (argv[1]))
    usage4 (_("Arguments to check_dummy must be an integer"));
diff --git a/plugins/check_fping.c b/plugins/check_fping.c
index 46046b4f..da1ce1a6 100644
--- a/plugins/check_fping.c
+++ b/plugins/check_fping.c
@@ -105,7 +105,7 @@ main (int argc, char **argv)
    xasprintf(&option_string, "%s-I %s ", option_string, sourceif);
 #ifdef PATH_TO_FPING6
-  if (address_family == AF_INET6)
+  if (address_family != AF_INET && is_inet6_addr(server))
    fping_prog = strdup(PATH_TO_FPING6);
  else
    fping_prog = strdup(PATH_TO_FPING);
@@ -314,10 +314,10 @@ process_arguments (int argc, char **argv)
      usage5 ();
    case 'h':                 /* help */
      print_help ();
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
    case 'V':                 /* version */
      print_revision (progname, NP_VERSION);
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
    case 'v':                 /* verbose mode */
      verbose = TRUE;
      break;
diff --git a/plugins/check_game.c b/plugins/check_game.c
index 29e59e2f..709dae1b 100644
--- a/plugins/check_game.c
+++ b/plugins/check_game.c
@@ -196,10 +196,10 @@ process_arguments (int argc, char **argv)
    switch (c) {
    case 'h': /* help */
      print_help ();
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
    case 'V': /* version */
      print_revision (progname, NP_VERSION);
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
    case 'v': /* version */
      verbose = TRUE;
      break;
diff --git a/plugins/check_hpjd.c b/plugins/check_hpjd.c
index 5fe06984..f159f5a2 100644
--- a/plugins/check_hpjd.c
+++ b/plugins/check_hpjd.c
@@ -350,10 +350,10 @@ process_arguments (int argc, char **argv)
                        break;
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case '?':                                                                       /* help */
                        usage5 ();
                }
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 51679975..2038f4a1 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -267,11 +267,11 @@ process_arguments (int argc, char **argv)
      break;
    case 'h': /* help */
      print_help ();
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
      break;
    case 'V': /* version */
      print_revision (progname, NP_VERSION);
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
      break;
    case 't': /* timeout period */
      if (!is_intnonneg (optarg))
@@ -343,9 +343,20 @@ process_arguments (int argc, char **argv)
         parameters, like -S and -C combinations */
      use_ssl = TRUE;
      if (c=='S' && optarg != NULL) {
-        ssl_version = atoi(optarg);
+        int got_plus = strchr(optarg, '+') != NULL;
-        if (ssl_version < 1 || ssl_version > 3)
-            usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
+        if (!strncmp (optarg, "1.2", 3))
+          ssl_version = got_plus ? MP_TLSv1_2_OR_NEWER : MP_TLSv1_2;
+        else if (!strncmp (optarg, "1.1", 3))
+          ssl_version = got_plus ? MP_TLSv1_1_OR_NEWER : MP_TLSv1_1;
+        else if (optarg[0] == '1')
+          ssl_version = got_plus ? MP_TLSv1_OR_NEWER : MP_TLSv1;
+        else if (optarg[0] == '3')
+          ssl_version = got_plus ? MP_SSLv3_OR_NEWER : MP_SSLv3;
+        else if (optarg[0] == '2')
+          ssl_version = got_plus ? MP_SSLv2_OR_NEWER : MP_SSLv2;
+        else
+          usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
      }
      if (specify_port == FALSE)
        server_port = HTTPS_PORT;
@@ -869,17 +880,42 @@ check_http (void)
  double elapsed_time_transfer = 0.0;
  int page_len = 0;
  int result = STATE_OK;
+  char *force_host_header = NULL;
  /* try to connect to the host at the given port number */
  gettimeofday (&tv_temp, NULL);
  if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
    die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
  microsec_connect = deltime (tv_temp);
+    /* if we are called with the -I option, the -j method is CONNECT and */
+    /* we received -S for SSL, then we tunnel the request through a proxy*/
+    /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
+    if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+      && host_name != NULL && use_ssl == TRUE) {
+    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
+    asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
+    asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf);
+    asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+    /* we finished our request, send empty line with CRLF */
+    asprintf (&buf, "%s%s", buf, CRLF);
+    if (verbose) printf ("%s\n", buf);
+    send(sd, buf, strlen (buf), 0);
+    buf[0]='\0';
+    if (verbose) printf ("Receive response from proxy\n");
+    read (sd, buffer, MAX_INPUT_BUFFER-1);
+    if (verbose) printf ("%s", buffer);
+    /* Here we should check if we got HTTP/1.1 200 Connection established */
+  }
 #ifdef HAVE_SSL
  elapsed_time_connect = (double)microsec_connect / 1.0e6;
  if (use_ssl == TRUE) {
    gettimeofday (&tv_temp, NULL);
    result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
+    if (verbose) printf ("SSL initialized\n");
    if (result != STATE_OK)
      die (STATE_CRITICAL, NULL);
    microsec_ssl = deltime (tv_temp);
@@ -893,29 +929,51 @@ check_http (void)
  }
 #endif /* HAVE_SSL */
-  xasprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+  if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+       && host_name != NULL && use_ssl == TRUE)
+    asprintf (&buf, "%s %s %s\r\n%s\r\n", "GET", server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+  else
+    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
  /* tell HTTP/1.1 servers not to keep the connection alive */
  xasprintf (&buf, "%sConnection: close\r\n", buf);
+  /* check if Host header is explicitly set in options */
+  if (http_opt_headers_count) {
+    for (i = 0; i < http_opt_headers_count ; i++) {
+      if (strncmp(http_opt_headers[i], "Host:", 5) == 0) {
+        force_host_header = http_opt_headers[i];
+      }
+    }
+  }
  /* optionally send the host header info */
  if (host_name) {
-    /*
+    if (force_host_header) {
-     * Specify the port only if we're using a non-default port (see RFC 2616,
+      xasprintf (&buf, "%s%s\r\n", buf, force_host_header);
-     * 14.23).  Some server applications/configurations cause trouble if the
+    }
-     * (default) port is explicitly specified in the "Host:" header line.
+    else {
-     */
+      /*
-    if ((use_ssl == FALSE && server_port == HTTP_PORT) ||
+       * Specify the port only if we're using a non-default port (see RFC 2616,
-        (use_ssl == TRUE && server_port == HTTPS_PORT))
+       * 14.23).  Some server applications/configurations cause trouble if the
-      xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+       * (default) port is explicitly specified in the "Host:" header line.
-    else
+       */
-      xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port);
+      if ((use_ssl == FALSE && server_port == HTTP_PORT) ||
+          (use_ssl == TRUE && server_port == HTTPS_PORT) ||
+          (server_address != NULL && strcmp(http_method, "CONNECT") == 0
+         && host_name != NULL && use_ssl == TRUE))
+        xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+      else
+        xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port);
+    }
  }
  /* optionally send any other header tag */
  if (http_opt_headers_count) {
    for (i = 0; i < http_opt_headers_count ; i++) {
-      xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]);
+      if (force_host_header != http_opt_headers[i]) {
+        xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]);
+      }
    }
    /* This cannot be free'd here because a redirection will then try to access this and segfault */
    /* Covered in a testcase in tests/check_http.t */
@@ -1467,9 +1525,10 @@ print_help (void)
  printf (UT_IPv46);
 #ifdef HAVE_SSL
-  printf (" %s\n", "-S, --ssl=VERSION");
+  printf (" %s\n", "-S, --ssl=VERSION[+]");
  printf ("    %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
-  printf ("    %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3)."));
+  printf ("    %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
+  printf ("    %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted."));
  printf (" %s\n", "--sni");
  printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
  printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
@@ -1496,7 +1555,7 @@ print_help (void)
  printf ("    %s\n", _("URL to GET or POST (default: /)"));
  printf (" %s\n", "-P, --post=STRING");
  printf ("    %s\n", _("URL encoded http POST data"));
-  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)");
+  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)");
  printf ("    %s\n", _("Set HTTP method."));
  printf (" %s\n", "-N, --no-body");
  printf ("    %s\n", _("Don't wait for document body: stop reading after headers."));
@@ -1570,7 +1629,7 @@ print_help (void)
  printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
  printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
  printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
-  printf (" %s\n", _("the certificate is expired."));
+  printf (" %s\n\n", _("the certificate is expired."));
  printf ("\n");
  printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14");
  printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
@@ -1578,6 +1637,13 @@ print_help (void)
  printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
  printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
+  printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
+  printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
+  printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
+  printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
+  printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
+  printf (" %s\n", _("a STATE_CRITICAL will be returned."));
 #endif
  printf (UT_SUPPORT);
diff --git a/plugins/check_ide_smart.c b/plugins/check_ide_smart.c
index 47605e96..8d540ca1 100644
--- a/plugins/check_ide_smart.c
+++ b/plugins/check_ide_smart.c
@@ -234,10 +234,10 @@ main (int argc, char *argv[])
                        break;
                case 'h':
                        print_help ();
-                        return STATE_OK;
+                        return STATE_UNKNOWN;
                case 'V':
                        print_revision (progname, NP_VERSION);
-                        return STATE_OK;
+                        return STATE_UNKNOWN;
                default:
                        usage5 ();
                }
@@ -249,7 +249,7 @@ main (int argc, char *argv[])
        if (!device) {
                print_help ();
-                return STATE_OK;
+                return STATE_UNKNOWN;
        }
        fd = open (device, OPEN_MODE);
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index c371be97..66be4b46 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -1,29 +1,29 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_ldap plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2000-2008 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_ldap plugin
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
-* 
+*
 *****************************************************************************/
 /* progname may be check_ldaps */
@@ -67,7 +67,10 @@ int ld_protocol = DEFAULT_PROTOCOL;
 #endif
 double warn_time = UNDEFINED;
 double crit_time = UNDEFINED;
+thresholds *entries_thresholds = NULL;
 struct timeval tv;
+char* warn_entries = NULL;
+char* crit_entries = NULL;
 int starttls = FALSE;
 int ssl_on_connect = FALSE;
 int verbose = 0;
@@ -94,6 +97,12 @@ main (int argc, char *argv[])
        int tls;
        int version=3;
+        /* for entry counting */
+        LDAPMessage *next_entry;
+        int status_entries = STATE_OK;
+        int num_entries = 0;
        setlocale (LC_ALL, "");
        bindtextdomain (PACKAGE, LOCALEDIR);
        textdomain (PACKAGE);
@@ -197,12 +206,14 @@ main (int argc, char *argv[])
        }
        /* do a search of all objectclasses in the base dn */
-        if (ldap_search_s (ld, ld_base, LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
+        if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
                        != LDAP_SUCCESS) {
                if (verbose)
                        ldap_perror(ld, "ldap_search");
                printf (_("Could not search/find objectclasses in %s\n"), ld_base);
                return STATE_CRITICAL;
+        } else if (crit_entries!=NULL || warn_entries!=NULL) {
+                num_entries = ldap_count_entries(ld, result);
        }
        /* unbind from the ldap server */
@@ -223,14 +234,42 @@ main (int argc, char *argv[])
        else
                status = STATE_OK;
+        if(entries_thresholds != NULL) {
+                if (verbose) {
+                        printf ("entries found: %d\n", num_entries);
+                        print_thresholds("entry threasholds", entries_thresholds);
+                }
+                status_entries = get_status(num_entries, entries_thresholds);
+                if (status_entries == STATE_CRITICAL) {
+                        status = STATE_CRITICAL;
+                } else if (status != STATE_CRITICAL) {
+                        status = status_entries;
+                }
+        }
        /* print out the result */
-        printf (_("LDAP %s - %.3f seconds response time|%s\n"),
+        if (crit_entries!=NULL || warn_entries!=NULL) {
-                state_text (status),
+                printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"),
-                elapsed_time,
+                        state_text (status),
-                fperfdata ("time", elapsed_time, "s",
+                        num_entries,
-                          (int)warn_time, warn_time,
+                        elapsed_time,
-                          (int)crit_time, crit_time,
+                        fperfdata ("time", elapsed_time, "s",
-                          TRUE, 0, FALSE, 0));
+                                (int)warn_time, warn_time,
+                                (int)crit_time, crit_time,
+                                TRUE, 0, FALSE, 0),
+                        sperfdata ("entries", (double)num_entries, "",
+                                warn_entries,
+                                crit_entries,
+                                TRUE, 0.0, FALSE, 0.0));
+        } else {
+                printf (_("LDAP %s - %.3f seconds response time|%s\n"),
+                        state_text (status),
+                        elapsed_time,
+                        fperfdata ("time", elapsed_time, "s",
+                                (int)warn_time, warn_time,
+                                (int)crit_time, crit_time,
+                                TRUE, 0, FALSE, 0));
+        }
        return status;
 }
@@ -263,6 +302,8 @@ process_arguments (int argc, char **argv)
                {"port", required_argument, 0, 'p'},
                {"warn", required_argument, 0, 'w'},
                {"crit", required_argument, 0, 'c'},
+                {"warn-entries", required_argument, 0, 'W'},
+                {"crit-entries", required_argument, 0, 'C'},
                {"verbose", no_argument, 0, 'v'},
                {0, 0, 0, 0}
        };
@@ -276,7 +317,7 @@ process_arguments (int argc, char **argv)
        }
        while (1) {
-                c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option);
+                c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option);
                if (c == -1 || c == EOF)
                        break;
@@ -284,10 +325,10 @@ process_arguments (int argc, char **argv)
                switch (c) {
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 't':                                                                       /* timeout period */
                        if (!is_intnonneg (optarg))
                                usage2 (_("Timeout interval must be a positive integer"), optarg);
@@ -318,6 +359,12 @@ process_arguments (int argc, char **argv)
                case 'c':
                        crit_time = strtod (optarg, NULL);
                        break;
+                case 'W':
+                        warn_entries = optarg;
+                        break;
+                case 'C':
+                        crit_entries = optarg;
+                        break;
 #ifdef HAVE_LDAP_SET_OPTION
                case '2':
                        ld_protocol = 2;
@@ -381,6 +428,10 @@ validate_arguments ()
        if (ld_base==NULL)
                usage4 (_("Please specify the LDAP base\n"));
+        if (crit_entries!=NULL || warn_entries!=NULL) {
+                set_thresholds(&entries_thresholds,
+                        warn_entries, crit_entries);
+        }
        return OK;
 }
@@ -430,6 +481,11 @@ print_help (void)
        printf (UT_WARN_CRIT);
+  printf (" %s\n", "-W [--warn-entries]");
+  printf ("    %s\n", _("Number of found entries to result in warning status"));
+  printf (" %s\n", "-C [--crit-entries]");
+  printf ("    %s\n", _("Number of found entries to result in critical status"));
        printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
        printf (UT_VERBOSE);
@@ -441,6 +497,7 @@ print_help (void)
        printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called."));
        printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags"));
        printf (" %s\n", _("to define the behaviour explicitly instead."));
+        printf (" %s\n", _("The parameters --warn-entries and --crit-entries are optional."));
        printf (UT_SUPPORT);
 }
diff --git a/plugins/check_load.c b/plugins/check_load.c
index cde63e56..a96435f4 100644
--- a/plugins/check_load.c
+++ b/plugins/check_load.c
@@ -251,10 +251,10 @@ process_arguments (int argc, char **argv)
                        break;
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case '?':                                                                       /* help */
                        usage5 ();
                }
diff --git a/plugins/check_mrtg.c b/plugins/check_mrtg.c
index cf3fe044..1fda5492 100644
--- a/plugins/check_mrtg.c
+++ b/plugins/check_mrtg.c
@@ -234,10 +234,10 @@ process_arguments (int argc, char **argv)
                        break;
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case '?':                                                                       /* help */
                        usage5 ();
                }
diff --git a/plugins/check_mrtgtraf.c b/plugins/check_mrtgtraf.c
index 3b038cf1..eb66f622 100644
--- a/plugins/check_mrtgtraf.c
+++ b/plugins/check_mrtgtraf.c
@@ -270,10 +270,10 @@ process_arguments (int argc, char **argv)
                        break;
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case '?':                                                                       /* help */
                        usage5 ();
                }
diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c
index 216626bc..5773afd9 100644
--- a/plugins/check_mysql.c
+++ b/plugins/check_mysql.c
@@ -444,10 +444,10 @@ process_arguments (int argc, char **argv)
                        break;
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'v':
                        verbose++;
                        break;
diff --git a/plugins/check_mysql_query.c b/plugins/check_mysql_query.c
index 71ab7768..49a14dd3 100644
--- a/plugins/check_mysql_query.c
+++ b/plugins/check_mysql_query.c
@@ -250,10 +250,10 @@ process_arguments (int argc, char **argv)
                        break;
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'q':
                        xasprintf(&sql_query, "%s", optarg);
                        break;
diff --git a/plugins/check_nagios.c b/plugins/check_nagios.c
index 791b6dbe..40d68f03 100644
--- a/plugins/check_nagios.c
+++ b/plugins/check_nagios.c
@@ -235,10 +235,10 @@ process_arguments (int argc, char **argv)
                switch (c) {
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'F':                                                                       /* status log */
                        status_log = optarg;
                        break;
diff --git a/plugins/check_nt.c b/plugins/check_nt.c
index f621b0a8..59c135db 100644
--- a/plugins/check_nt.c
+++ b/plugins/check_nt.c
@@ -553,10 +553,10 @@ int process_arguments(int argc, char **argv){
                        usage5 ();
                        case 'h': /* help */
                                print_help();
-                                exit(STATE_OK);
+                                exit(STATE_UNKNOWN);
                        case 'V': /* version */
                                print_revision(progname, NP_VERSION);
-                                exit(STATE_OK);
+                                exit(STATE_UNKNOWN);
                        case 'H': /* hostname */
                                server_address = optarg;
                                break;
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index 74501711..5ac6c65b 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -689,11 +689,11 @@ int process_arguments(int argc, char **argv){
                switch (c) {
                case 'h':
                        print_help();
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                        break;
                case 'V':
                        print_revision(progname, NP_VERSION);
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                        break;
                case 'v':
                        verbose++;
diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c
index 44424af5..c656b0f5 100644
--- a/plugins/check_ntp_peer.c
+++ b/plugins/check_ntp_peer.c
@@ -448,11 +448,11 @@ int process_arguments(int argc, char **argv){
                switch (c) {
                case 'h':
                        print_help();
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                        break;
                case 'V':
                        print_revision(progname, NP_VERSION);
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                        break;
                case 'v':
                        verbose++;
diff --git a/plugins/check_ntp_time.c b/plugins/check_ntp_time.c
index e344f8b7..1cc8cbfb 100644
--- a/plugins/check_ntp_time.c
+++ b/plugins/check_ntp_time.c
@@ -244,7 +244,7 @@ void setup_request(ntp_message *p){
 * this is done by filtering servers based on stratum, dispersion, and
 * finally round-trip delay. */
 int best_offset_server(const ntp_server_results *slist, int nservers){
-        int i=0, cserver=0, best_server=-1;
+        int cserver=0, best_server=-1;
        /* for each server */
        for(cserver=0; cserver<nservers; cserver++){
@@ -303,7 +303,7 @@ int best_offset_server(const ntp_server_results *slist, int nservers){
 *   we have to do it in a way that our lazy macros don't handle currently :( */
 double offset_request(const char *host, int *status){
        int i=0, j=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0;
-        int servers_completed=0, one_written=0, one_read=0, servers_readable=0, best_index=-1;
+        int servers_completed=0, one_read=0, servers_readable=0, best_index=-1;
        time_t now_time=0, start_ts=0;
        ntp_message *req=NULL;
        double avg_offset=0.;
@@ -368,7 +368,6 @@ double offset_request(const char *host, int *status){
                 * been touched in the past second or so and is still lacking
                 * some responses. For each of these servers, send a new request,
                 * and update the "waiting" timestamp with the current time. */
-                one_written=0;
                now_time=time(NULL);
                for(i=0; i<num_hosts; i++){
@@ -378,7 +377,6 @@ double offset_request(const char *host, int *status){
                                setup_request(&req[i]);
                                write(socklist[i], &req[i], sizeof(ntp_message));
                                servers[i].waiting=now_time;
-                                one_written=1;
                                break;
                        }
                }
@@ -477,11 +475,11 @@ int process_arguments(int argc, char **argv){
                switch (c) {
                case 'h':
                        print_help();
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                        break;
                case 'V':
                        print_revision(progname, NP_VERSION);
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                        break;
                case 'v':
                        verbose++;
diff --git a/plugins/check_nwstat.c b/plugins/check_nwstat.c
index 1a7bfa16..e7e8de05 100644
--- a/plugins/check_nwstat.c
+++ b/plugins/check_nwstat.c
@@ -1354,10 +1354,10 @@ int process_arguments(int argc, char **argv) {
                        usage5 ();
                        case 'h': /* help */
                                print_help();
-                                exit(STATE_OK);
+                                exit(STATE_UNKNOWN);
                        case 'V': /* version */
                                print_revision(progname, NP_VERSION);
-                                exit(STATE_OK);
+                                exit(STATE_UNKNOWN);
                        case 'H': /* hostname */
                                server_address=optarg;
                                break;
diff --git a/plugins/check_overcr.c b/plugins/check_overcr.c
index af5eb9b9..9a4d25fa 100644
--- a/plugins/check_overcr.c
+++ b/plugins/check_overcr.c
@@ -340,10 +340,10 @@ process_arguments (int argc, char **argv)
                        usage5 ();
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'H':                                                                       /* hostname */
                        server_address = optarg;
                        break;
diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
index 9bad1ec5..2eb699e8 100644
--- a/plugins/check_pgsql.c
+++ b/plugins/check_pgsql.c
@@ -302,10 +302,10 @@ process_arguments (int argc, char **argv)
                        usage5 ();
                case 'h':     /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'V':     /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 't':     /* timeout period */
                        if (!is_integer (optarg))
                                usage2 (_("Timeout interval must be a positive integer"), optarg);
diff --git a/plugins/check_ping.c b/plugins/check_ping.c
index dbc5c3e4..423ecbe5 100644
--- a/plugins/check_ping.c
+++ b/plugins/check_ping.c
@@ -224,11 +224,11 @@ process_arguments (int argc, char **argv)
                        usage5 ();
                case 'h':       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                        break;
                case 'V':       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                        break;
                case 't':       /* timeout period */
                        timeout_interval = atoi (optarg);
diff --git a/plugins/check_procs.c b/plugins/check_procs.c
index 402aac53..4bcc56bc 100644
--- a/plugins/check_procs.c
+++ b/plugins/check_procs.c
@@ -428,10 +428,10 @@ process_arguments (int argc, char **argv)
                        usage5 ();
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 't':                                                                       /* timeout period */
                        if (!is_integer (optarg))
                                usage2 (_("Timeout interval must be a positive integer"), optarg);
diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index b2943475..03cbb8b0 100644
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
@@ -259,10 +259,10 @@ process_arguments (int argc, char **argv)
                        usage5 ();
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (OK);
+                        exit (STATE_UNKNOWN);
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (OK);
+                        exit (STATE_UNKNOWN);
                case 'v':                                                                       /* verbose mode */
                        verbose = TRUE;
                        break;
diff --git a/plugins/check_real.c b/plugins/check_real.c
index 00bd4d20..6491e6e9 100644
--- a/plugins/check_real.c
+++ b/plugins/check_real.c
@@ -359,10 +359,10 @@ process_arguments (int argc, char **argv)
                        break;
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case '?':                                                                       /* usage */
                        usage5 ();
                }
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 24304534..1996c6d3 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -231,7 +231,7 @@ main (int argc, char **argv)
                  send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
                  recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */
-                  if (!strstr (buffer, server_expect)) {
+                  if (!strstr (buffer, SMTP_EXPECT)) {
                    printf (_("Server does not support STARTTLS\n"));
                    smtp_quit();
                    return STATE_UNKNOWN;
@@ -276,6 +276,7 @@ main (int argc, char **argv)
 #  ifdef USE_OPENSSL
                  if ( check_cert ) {
                    result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
+                    smtp_quit();
                    my_close();
                    return result;
                  }
@@ -581,11 +582,6 @@ process_arguments (int argc, char **argv)
                                usage4 (_("Timeout interval must be a positive integer"));
                        }
                        break;
-                case 'S':
-                /* starttls */
-                        use_ssl = TRUE;
-                        use_ehlo = TRUE;
-                        break;
                case 'D':
                /* Check SSL cert validity */
 #ifdef USE_OPENSSL
@@ -607,9 +603,14 @@ process_arguments (int argc, char **argv)
                            days_till_exp_warn = atoi (optarg);
                        }
                        check_cert = TRUE;
+                        ignore_send_quit_failure = TRUE;
 #else
                        usage (_("SSL support not available - install OpenSSL and recompile"));
 #endif
+                case 'S':
+                /* starttls */
+                        use_ssl = TRUE;
+                        use_ehlo = TRUE;
                        break;
                case '4':
                        address_family = AF_INET;
@@ -623,10 +624,10 @@ process_arguments (int argc, char **argv)
                        break;
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case '?':                                                                       /* help */
                        usage5 ();
                }
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 9d966faa..da9638c4 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -41,7 +41,6 @@ const char *email = "devel@monitoring-plugins.org";
 #define DEFAULT_PORT "161"
 #define DEFAULT_MIBLIST "ALL"
 #define DEFAULT_PROTOCOL "1"
-#define DEFAULT_TIMEOUT 1
 #define DEFAULT_RETRIES 5
 #define DEFAULT_AUTH_PROTOCOL "MD5"
 #define DEFAULT_PRIV_PROTOCOL "DES"
@@ -153,7 +152,7 @@ state_data *previous_state;
 double *previous_value;
 size_t previous_size = OID_COUNT_STEP;
 int perf_labels = 1;
+char* ip_version = "";
 static char *fix_snmp_range(char *th)
 {
@@ -227,7 +226,7 @@ main (int argc, char **argv)
        outbuff = strdup ("");
        delimiter = strdup (" = ");
        output_delim = strdup (DEFAULT_OUTPUT_DELIMITER);
-        timeout_interval = DEFAULT_TIMEOUT;
+        timeout_interval = DEFAULT_SOCKET_TIMEOUT;
        retries = DEFAULT_RETRIES;
        np_init( (char *) progname, argc, argv );
@@ -418,6 +417,9 @@ main (int argc, char **argv)
                else if (strstr (response, "INTEGER: ")) {
                        show = strstr (response, "INTEGER: ") + 9;
                }
+                else if (strstr (response, "OID: ")) {
+                        show = strstr (response, "OID: ") + 5;
+                }
                else if (strstr (response, "STRING: ")) {
                        show = strstr (response, "STRING: ") + 8;
                        conv = "%.10g";
@@ -678,6 +680,8 @@ process_arguments (int argc, char **argv)
                {"offset", required_argument, 0, L_OFFSET},
                {"invert-search", no_argument, 0, L_INVERT_SEARCH},
                {"perf-oids", no_argument, 0, 'O'},
+                {"ipv4", no_argument, 0, '4'},
+                {"ipv6", no_argument, 0, '6'},
                {0, 0, 0, 0}
        };
@@ -695,7 +699,7 @@ process_arguments (int argc, char **argv)
        }
        while (1) {
-                c = getopt_long (argc, argv, "nhvVOt:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:",
+                c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:",
                                                                         longopts, &option);
                if (c == -1 || c == EOF)
@@ -706,10 +710,10 @@ process_arguments (int argc, char **argv)
                        usage5 ();
                case 'h':       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'V':       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'v': /* verbose */
                        verbose++;
                        break;
@@ -920,6 +924,13 @@ process_arguments (int argc, char **argv)
                case 'O':
                        perf_labels=0;
                        break;
+                case '4':
+                        break;
+                case '6':
+                        xasprintf(&ip_version, "udp6:");
+                        if(verbose>2)
+                                printf("IPv6 detected! Will pass \"udp6:\" to snmpget.\n");
+                        break;
                }
        }
@@ -1125,6 +1136,7 @@ print_help (void)
        printf (UT_HELP_VRSN);
        printf (UT_EXTRA_OPTS);
+        printf (UT_IPv46);
        printf (UT_HOST_PORT, 'p', DEFAULT_PORT);
@@ -1243,5 +1255,5 @@ print_usage (void)
        printf ("[-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries]\n");
        printf ("[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]\n");
        printf ("[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]\n");
-        printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd]\n");
+        printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]\n");
 }
diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c
index 3658965e..8ccbd5a7 100644
--- a/plugins/check_ssh.c
+++ b/plugins/check_ssh.c
@@ -128,10 +128,10 @@ process_arguments (int argc, char **argv)
                        usage5 ();
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'v':                                                                       /* verbose */
                        verbose = TRUE;
                        break;
diff --git a/plugins/check_swap.c b/plugins/check_swap.c
index 25e0bacd..4d5a4071 100644
--- a/plugins/check_swap.c
+++ b/plugins/check_swap.c
@@ -470,10 +470,10 @@ process_arguments (int argc, char **argv)
                        break;
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case '?':                                                                       /* error */
                        usage5 ();
                }
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 63f9fd9c..6dc9aa96 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -237,7 +237,7 @@ main (int argc, char **argv)
        gettimeofday (&tv, NULL);
        result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
-        if (result == STATE_CRITICAL) return STATE_CRITICAL;
+        if (result == STATE_CRITICAL) return econn_refuse_state;
 #ifdef HAVE_SSL
        if (flags & FLAG_SSL){
@@ -463,10 +463,10 @@ process_arguments (int argc, char **argv)
                        usage5 ();
                case 'h':                 /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'V':                 /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'v':                 /* verbose mode */
                        flags |= FLAG_VERBOSE;
                        match_flags |= NP_MATCH_VERBOSE;
@@ -577,7 +577,8 @@ process_arguments (int argc, char **argv)
                        if ((temp=strchr(optarg,','))!=NULL) {
                            *temp='\0';
                            if (!is_intnonneg (optarg))
-                               usage2 (_("Invalid certificate expiration period"), optarg);                              days_till_exp_warn = atoi(optarg);
+                               usage2 (_("Invalid certificate expiration period"), optarg);
+                            days_till_exp_warn = atoi (optarg);
                            *temp=',';
                            temp++;
                            if (!is_intnonneg (temp))
diff --git a/plugins/check_time.c b/plugins/check_time.c
index 3943742a..baf8c591 100644
--- a/plugins/check_time.c
+++ b/plugins/check_time.c
@@ -231,10 +231,10 @@ process_arguments (int argc, char **argv)
                        usage5 ();
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'H':                                                                       /* hostname */
                        if (is_host (optarg) == FALSE)
                                usage2 (_("Invalid hostname/address"), optarg);
diff --git a/plugins/check_ups.c b/plugins/check_ups.c
index 099881d0..e9e56a51 100644
--- a/plugins/check_ups.c
+++ b/plugins/check_ups.c
@@ -242,8 +242,8 @@ main (int argc, char **argv)
                        }
                        xasprintf (&data, "%s %s", data,
                                  perfdata ("battery", (long)ups_battery_percent, "%",
-                                            check_warn, (long)(1000*warning_value),
+                                            check_warn, (long)(warning_value),
-                                            check_crit, (long)(1000*critical_value),
+                                            check_crit, (long)(critical_value),
                                            TRUE, 0, TRUE, 100));
                } else {
                        xasprintf (&data, "%s %s", data,
@@ -271,8 +271,8 @@ main (int argc, char **argv)
                        }
                        xasprintf (&data, "%s %s", data,
                                  perfdata ("load", (long)ups_load_percent, "%",
-                                            check_warn, (long)(1000*warning_value),
+                                            check_warn, (long)(warning_value),
-                                            check_crit, (long)(1000*critical_value),
+                                            check_crit, (long)(critical_value),
                                            TRUE, 0, TRUE, 100));
                } else {
                        xasprintf (&data, "%s %s", data,
@@ -308,8 +308,8 @@ main (int argc, char **argv)
                        }
                        xasprintf (&data, "%s %s", data,
                                  perfdata ("temp", (long)ups_temperature, tunits,
-                                            check_warn, (long)(1000*warning_value),
+                                            check_warn, (long)(warning_value),
-                                            check_crit, (long)(1000*critical_value),
+                                            check_crit, (long)(critical_value),
                                            TRUE, 0, FALSE, 0));
                } else {
                        xasprintf (&data, "%s %s", data,
@@ -558,10 +558,10 @@ process_arguments (int argc, char **argv)
                        break;
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                }
        }
diff --git a/plugins/check_users.c b/plugins/check_users.c
index a009f20b..f6f4b362 100644
--- a/plugins/check_users.c
+++ b/plugins/check_users.c
@@ -54,15 +54,15 @@ int process_arguments (int, char **);
 void print_help (void);
 void print_usage (void);
-int wusers = -1;
+char *warning_range = NULL;
-int cusers = -1;
+char *critical_range = NULL;
+thresholds *thlds = NULL;
 int
 main (int argc, char **argv)
 {
        int users = -1;
        int result = STATE_UNKNOWN;
-        char *perf;
 #if HAVE_WTSAPI32_H
        WTS_SESSION_INFO *wtsinfo;
        DWORD wtscount;
@@ -77,8 +77,6 @@ main (int argc, char **argv)
        bindtextdomain (PACKAGE, LOCALEDIR);
        textdomain (PACKAGE);
-        perf = strdup ("");
        /* Parse extra opts if any */
        argv = np_extra_opts (&argc, argv, progname);
@@ -160,23 +158,15 @@ main (int argc, char **argv)
 #endif
        /* check the user count against warning and critical thresholds */
-        if (users > cusers)
+        result = get_status((double)users, thlds);
-                result = STATE_CRITICAL;
-        else if (users > wusers)
-                result = STATE_WARNING;
-        else if (users >= 0)
-                result = STATE_OK;
        if (result == STATE_UNKNOWN)
                printf ("%s\n", _("Unable to read output"));
        else {
-                xasprintf (&perf, "%s", perfdata ("users", users, "",
+                printf (_("USERS %s - %d users currently logged in |%s\n"), 
-                  TRUE, wusers,
+                                state_text(result), users,
-                  TRUE, cusers,
+                                sperfdata_int("users", users, "", warning_range,
-                  TRUE, 0,
+                                                        critical_range, TRUE, 0, FALSE, 0));
-                  FALSE, 0));
-                printf (_("USERS %s - %d users currently logged in |%s\n"), state_text (result),
-                  users, perf);
        }
        return result;
@@ -210,38 +200,32 @@ process_arguments (int argc, char **argv)
                        usage5 ();
                case 'h':                                                                       /* help */
                        print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                case 'c':                                                                       /* critical */
-                        if (!is_intnonneg (optarg))
+                        critical_range = optarg;
-                                usage4 (_("Critical threshold must be a positive integer"));
-                        else
-                                cusers = atoi (optarg);
                        break;
                case 'w':                                                                       /* warning */
-                        if (!is_intnonneg (optarg))
+                        warning_range = optarg;
-                                usage4 (_("Warning threshold must be a positive integer"));
-                        else
-                                wusers = atoi (optarg);
                        break;
                }
        }
        c = optind;
-        if (wusers == -1 && argc > c) {
+        if (warning_range == NULL && argc > c)
-                if (is_intnonneg (argv[c]) == FALSE)
+                warning_range = argv[c++];
-                        usage4 (_("Warning threshold must be a positive integer"));
+        if (critical_range == NULL && argc > c)
-                else
+                critical_range = argv[c++];
-                        wusers = atoi (argv[c++]);
-        }
+        /* this will abort in case of invalid ranges */
-        if (cusers == -1 && argc > c) {
+        set_thresholds (&thlds, warning_range, critical_range);
-                if (is_intnonneg (argv[c]) == FALSE)
-                        usage4 (_("Warning threshold must be a positive integer"));
+        if (thlds->warning->end < 0)
-                else
+                usage4 (_("Warning threshold must be a positive integer"));
-                        cusers = atoi (argv[c]);
+        if (thlds->critical->end < 0)
-        }
+                usage4 (_("Critical threshold must be a positive integer"));
        return OK;
 }
diff --git a/plugins/negate.c b/plugins/negate.c
index beaed1ea..b320e356 100644
--- a/plugins/negate.c
+++ b/plugins/negate.c
@@ -59,8 +59,8 @@ static int state[4] = {
 int
 main (int argc, char **argv)
 {
-        int found = 0, result = STATE_UNKNOWN;
+        int result = STATE_UNKNOWN;
-        char *buf, *sub;
+        char *sub;
        char **command_line;
        output chld_out, chld_err;
        int i;
diff --git a/plugins/netutils.c b/plugins/netutils.c
index 83f8942f..705aaf09 100644
--- a/plugins/netutils.c
+++ b/plugins/netutils.c
@@ -161,6 +161,10 @@ process_request (const char *server_address, int server_port, int proto,
 int
 np_net_connect (const char *host_name, int port, int *sd, int proto)
 {
+        /* send back STATE_UNKOWN if there's an error
+           send back STATE_OK if we connect
+           send back STATE_CRITICAL if we can't connect.
+           Let upstream figure out what to send to the user. */
        struct addrinfo hints;
        struct addrinfo *r, *res;
        struct sockaddr_un su;
@@ -250,16 +254,14 @@ np_net_connect (const char *host_name, int port, int *sd, int proto)
        else if (was_refused) {
                switch (econn_refuse_state) { /* a user-defined expected outcome */
                case STATE_OK:
-                case STATE_WARNING:  /* user wants WARN or OK on refusal */
+                case STATE_WARNING:  /* user wants WARN or OK on refusal, or... */
-                        return econn_refuse_state;
+                case STATE_CRITICAL: /* user did not set econn_refuse_state, or wanted critical */
-                        break;
-                case STATE_CRITICAL: /* user did not set econn_refuse_state */
                        if (is_socket)
                                printf("connect to file socket %s: %s\n", host_name, strerror(errno));
                        else
                                printf("connect to address %s and port %d: %s\n",
                                       host_name, port, strerror(errno));
-                        return econn_refuse_state;
+                        return STATE_CRITICAL;
                        break;
                default: /* it's a logic error if we do not end up in STATE_(OK|WARNING|CRITICAL) */
                        return STATE_UNKNOWN;
diff --git a/plugins/netutils.h b/plugins/netutils.h
index c6fce901..2766029e 100644
--- a/plugins/netutils.h
+++ b/plugins/netutils.h
@@ -91,6 +91,16 @@ RETSIGTYPE socket_timeout_alarm_handler (int) __attribute__((noreturn));
 /* SSL-Related functionality */
 #ifdef HAVE_SSL
+#  define MP_SSLv2 1
+#  define MP_SSLv3 2
+#  define MP_TLSv1 3
+#  define MP_TLSv1_1 4
+#  define MP_TLSv1_2 5
+#  define MP_SSLv2_OR_NEWER 6
+#  define MP_SSLv3_OR_NEWER 7
+#  define MP_TLSv1_OR_NEWER 8
+#  define MP_TLSv1_1_OR_NEWER 9
+#  define MP_TLSv1_2_OR_NEWER 10
 /* maybe this could be merged with the above np_net_connect, via some flags */
 int np_net_ssl_init(int sd);
 int np_net_ssl_init_with_hostname(int sd, char *host_name);
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index d0ae4741..b412ef3d 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -49,28 +49,78 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi
 int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) {
        SSL_METHOD *method = NULL;
+        long options = 0;
        switch (version) {
-        case 0: /* Deafult to auto negotiation */
+        case MP_SSLv2: /* SSLv2 protocol */
-                method = SSLv23_client_method();
-                break;
-        case 1: /* TLSv1 protocol */
-                method = TLSv1_client_method();
-                break;
-        case 2: /* SSLv2 protocol */
 #if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2)
-                printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library.")));
+                printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library."));
-                return STATE_CRITICAL;
+                return STATE_UNKNOWN;
 #else
                method = SSLv2_client_method();
-#endif
                break;
-        case 3: /* SSLv3 protocol */
+#endif
+        case MP_SSLv3: /* SSLv3 protocol */
+#if defined(OPENSSL_NO_SSL3)
+                printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library."));
+                return STATE_UNKNOWN;
+#else
                method = SSLv3_client_method();
                break;
-        default: /* Unsupported */
+#endif
-                printf("%s\n", _("CRITICAL - Unsupported SSL protocol version."));
+        case MP_TLSv1: /* TLSv1 protocol */
-                return STATE_CRITICAL;
+#if defined(OPENSSL_NO_TLS1)
+                printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library."));
+                return STATE_UNKNOWN;
+#else
+                method = TLSv1_client_method();
+                break;
+#endif
+        case MP_TLSv1_1: /* TLSv1.1 protocol */
+#if !defined(SSL_OP_NO_TLSv1_1)
+                printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library."));
+                return STATE_UNKNOWN;
+#else
+                method = TLSv1_1_client_method();
+                break;
+#endif
+        case MP_TLSv1_2: /* TLSv1.2 protocol */
+#if !defined(SSL_OP_NO_TLSv1_2)
+                printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library."));
+                return STATE_UNKNOWN;
+#else
+                method = TLSv1_2_client_method();
+                break;
+#endif
+        case MP_TLSv1_2_OR_NEWER:
+#if !defined(SSL_OP_NO_TLSv1_1)
+                printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library."));
+                return STATE_UNKNOWN;
+#else
+                options |= SSL_OP_NO_TLSv1_1;
+#endif
+                /* FALLTHROUGH */
+        case MP_TLSv1_1_OR_NEWER:
+#if !defined(SSL_OP_NO_TLSv1)
+                printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library."));
+                return STATE_UNKNOWN;
+#else
+                options |= SSL_OP_NO_TLSv1;
+#endif
+                /* FALLTHROUGH */
+        case MP_TLSv1_OR_NEWER:
+#if defined(SSL_OP_NO_SSLv3)
+                options |= SSL_OP_NO_SSLv3;
+#endif
+                /* FALLTHROUGH */
+        case MP_SSLv3_OR_NEWER:
+#if defined(SSL_OP_NO_SSLv2)
+                options |= SSL_OP_NO_SSLv2;
+#endif
+        case MP_SSLv2_OR_NEWER:
+                /* FALLTHROUGH */
+        default: /* Default to auto negotiation */
+                method = SSLv23_client_method();
        }
        if (!initialized) {
                /* Initialize SSL context */
@@ -94,8 +144,9 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
 #endif
        }
 #ifdef SSL_OP_NO_TICKET
-        SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
+        options |= SSL_OP_NO_TICKET;
 #endif
+        SSL_CTX_set_options(c, options);
        SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY);
        if ((s = SSL_new(c)) != NULL) {
 #ifdef SSL_set_tlsext_host_name
@@ -144,7 +195,10 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
 #  ifdef USE_OPENSSL
        X509 *certificate=NULL;
        X509_NAME *subj=NULL;
+        char timestamp[50] = "";
        char cn[MAX_CN_LENGTH]= "";
+        char *tz;
+        
        int cnlen =-1;
        int status=STATE_UNKNOWN;
@@ -153,7 +207,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
        struct tm stamp;
        float time_left;
        int days_left;
-        char timestamp[50] = "";
+        int time_remaining;
        time_t tm_t;
        certificate=SSL_get_peer_certificate(s);
@@ -207,32 +261,55 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
                (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
        stamp.tm_min =
                (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
-        stamp.tm_sec = 0;
+        stamp.tm_sec =
+                (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0');
        stamp.tm_isdst = -1;
-        time_left = difftime(timegm(&stamp), time(NULL));
+        tm_t = timegm(&stamp);
+        time_left = difftime(tm_t, time(NULL));
        days_left = time_left / 86400;
-        tm_t = mktime (&stamp);
+        tz = getenv("TZ");
-        strftime(timestamp, 50, "%c", localtime(&tm_t));
+        setenv("TZ", "GMT", 1);
+        tzset();
+        strftime(timestamp, 50, "%c %z", localtime(&tm_t));
+        if (tz)
+                setenv("TZ", tz, 1);
+        else
+                unsetenv("TZ");
+        tzset();
        if (days_left > 0 && days_left <= days_till_exp_warn) {
                printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp);
                if (days_left > days_till_exp_crit)
-                        return STATE_WARNING;
+                        status = STATE_WARNING;
                else
-                        return STATE_CRITICAL;
+                        status = STATE_CRITICAL;
+        } else if (days_left == 0 && time_left > 0) {
+                if (time_left >= 3600)
+                        time_remaining = (int) time_left / 3600;
+                else
+                        time_remaining = (int) time_left / 60;
+                printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"),
+                        (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, time_remaining,
+                        time_left >= 3600 ? "hours" : "minutes", timestamp);
+                if ( days_left > days_till_exp_crit)
+                        status = STATE_WARNING;
+                else
+                        status = STATE_CRITICAL;
        } else if (time_left < 0) {
                printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp);
                status=STATE_CRITICAL;
        } else if (days_left == 0) {
-                printf (_("%s - Certificate '%s' expires today (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp);
+                printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp);
                if (days_left > days_till_exp_crit)
-                        return STATE_WARNING;
+                        status = STATE_WARNING;
                else
-                        return STATE_CRITICAL;
+                        status = STATE_CRITICAL;
        } else {
                printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);
-                status=STATE_OK;
+                status = STATE_OK;
        }
        X509_free(certificate);
        return status;
diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis
index 4ebfb90e..fe8aabdb 100644
--- a/plugins/t/NPTest.cache.travis
+++ b/plugins/t/NPTest.cache.travis
@@ -17,13 +17,15 @@
  'NP_HOST_HPJD_PORT_INVALID' => '161',
  'NP_HOST_HPJD_PORT_VALID' => '',
  'NP_HOST_TCP_HTTP' => 'localhost',
-  'NP_HOST_TCP_HTTP2' => 'labs.consol.de',
+  'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org',
  'NP_HOST_TCP_IMAP' => 'imap.web.de',
+  'NP_HOST_TCP_LDAP' => 'localhost',
  'NP_HOST_TCP_POP' => 'pop.web.de',
  'NP_HOST_TCP_SMTP' => 'localhost',
  'NP_HOST_TCP_SMTP_NOTLS' => '',
  'NP_HOST_TCP_SMTP_TLS' => '',
  'NP_INTERNET_ACCESS' => 'yes',
+  'NP_LDAP_BASE_DN' => 'cn=admin,dc=nodomain',
  'NP_MOUNTPOINT2_VALID' => '',
  'NP_MOUNTPOINT_VALID' => '/',
  'NP_MYSQL_SERVER' => 'localhost',
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index 2539a289..f514ca6f 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -6,9 +6,10 @@
 use strict;
 use Test::More;
+use POSIX qw/mktime strftime/;
 use NPTest;
-plan tests => 30;
+plan tests => 42;
 my $successOutput = '/OK.*HTTP.*second/';
@@ -34,6 +35,8 @@ my $host_tcp_http2  = getTestParameter( "NP_HOST_TCP_HTTP2",
            "A host providing an index page containing the string 'monitoring'",
            "test.monitoring-plugins.org" );
+my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
 $res = NPTest->testCmd(
        "./check_http $host_tcp_http -wt 300 -ct 600"
@@ -47,10 +50,10 @@ $res = NPTest->testCmd(
 like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
 $res = NPTest->testCmd(
-        "./check_http $host_nonresponsive -wt 1 -ct 2"
+        "./check_http $host_nonresponsive -wt 1 -ct 2 -t 3"
        );
 cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
-cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 10 seconds", "Output OK");
+cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK");
 $res = NPTest->testCmd(
        "./check_http $hostname_invalid -wt 1 -ct 2"
@@ -112,12 +115,46 @@ SKIP: {
        $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" );
        cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works");
+        # run some certificate checks with faketime
+        SKIP: {
+                skip "No faketime binary found", 12 if !$faketime;
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/OK - Certificate 'www.verisign.com' will expire on/, "Catch cert output");
+                is( $res->return_code, 0, "Catch cert output exit code" );
+                my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/);
+                if(!defined $year) {
+                    die("parsing date failed from: ".$res->output);
+                }
+                my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11};
+                my $ts   = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900);
+                my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts));
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' just expired/, "Output on expire date");
+                is( $res->return_code, 2, "Output on expire date" );
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 0 minutes/, "cert expires in 1 second output");
+                is( $res->return_code, 2, "cert expires in 1 second exit code" );
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 minutes/, "cert expires in 2 minutes output");
+                is( $res->return_code, 2, "cert expires in 2 minutes exit code" );
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 hours/, "cert expires in 2 hours output");
+                is( $res->return_code, 2, "cert expires in 2 hours exit code" );
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expired on/, "Certificate expired output");
+                is( $res->return_code, 2, "Certificate expired exit code" );
+        };
        $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" );
        like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
        like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
        $res = NPTest->testCmd(
-                "./check_http --ssl www.e-paycobalt.com"
+                "./check_http --ssl -H www.e-paycobalt.com"
                );
        cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
diff --git a/plugins/t/check_ldap.t b/plugins/t/check_ldap.t
new file mode 100644
index 00000000..b8944d4b
--- /dev/null
+++ b/plugins/t/check_ldap.t
@@ -0,0 +1,80 @@
+#!/usr/bin/env perl -I ..
+#
+# Lightweight Directory Access Protocol (LDAP) Test via check_ldap
+#
+#
+use strict;
+use warnings;
+use Test::More;
+use NPTest;
+my $host_tcp_ldap      = getTestParameter("NP_HOST_TCP_LDAP",
+                                          "A host providing the LDAP Service",
+                                          "localhost" );
+my $ldap_base_dn       = getTestParameter("NP_LDAP_BASE_DN",
+                                          "A base dn for the LDAP Service",
+                                          "cn=admin" );
+my $host_nonresponsive = getTestParameter("host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
+                                          "The hostname of system not responsive to network requests" );
+my $hostname_invalid   = getTestParameter("hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
+                                          "An invalid (not known to DNS) hostname" );
+my($result, $cmd);
+my $command = './check_ldap';
+plan tests => 16;
+SKIP: {
+    skip "NP_HOST_NONRESPONSIVE not set", 2 if ! $host_nonresponsive;
+    $result = NPTest->testCmd("$command -H $host_nonresponsive -b ou=blah -t 2 -w 1 -c 1");
+    is( $result->return_code, 2, "$command -H $host_nonresponsive -b ou=blah -t 5 -w 2 -c 3" );
+    is( $result->output, 'CRITICAL - Socket timeout after 2 seconds', "output ok" );
+};
+SKIP: {
+    skip "NP_HOSTNAME_INVALID not set", 2 if ! $hostname_invalid;
+    $result = NPTest->testCmd("$command -H $hostname_invalid -b ou=blah -t 5");
+    is( $result->return_code, 2, "$command -H $hostname_invalid -b ou=blah -t 5" );
+    is( $result->output, 'Could not bind to the LDAP server', "output ok" );
+};
+SKIP: {
+    skip "NP_HOST_TCP_LDAP not set", 12 if ! $host_tcp_ldap;
+    skip "NP_LDAP_BASE_DN not set",  12 if ! $ldap_base_dn;
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - \d+.\d+ seconds response time\|time=\d+\.\d+s;2\.0+;3\.0+;0\.0+$/', "output ok" );
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000 -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000;10000001;0\.0+$/', "output ok" );
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001:";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 2, $cmd );
+    like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001:;0\.0+$/', "output ok" );
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 0 -C 0";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 2, $cmd );
+    like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;0;0;0\.0+$/', "output ok" );
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 1, $cmd );
+    like( $result->output, '/^LDAP WARNING - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001;0\.0+$/', "output ok" );
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;;10000001;0\.0+$/', "output ok" );
+};
diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t
index 2d6c44a7..aefd872a 100644
--- a/plugins/t/check_snmp.t
+++ b/plugins/t/check_snmp.t
@@ -166,8 +166,8 @@ SKIP: {
 SKIP: {
    skip "no non responsive host defined", 2 if ( ! $host_nonresponsive );
    $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:");
-    cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with non responsive host" );
+    cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" );
-    like($res->output, '/External command error: Timeout: No Response from /', "String matches timeout problem");
+    like($res->output, '/Plugin timed out while executing system call/', "String matches timeout problem");
 }
 SKIP: {
diff --git a/plugins/t/check_users.t b/plugins/t/check_users.t
index 39044bb5..088f3b52 100644
--- a/plugins/t/check_users.t
+++ b/plugins/t/check_users.t
@@ -13,7 +13,7 @@ use Test;
 use NPTest;
 use vars qw($tests);
-BEGIN {$tests = 4; plan tests => $tests}
+BEGIN {$tests = 8; plan tests => $tests}
 my $successOutput = '/^USERS OK - [0-9]+ users currently logged in/';
 my $failureOutput = '/^USERS CRITICAL - [0-9]+ users currently logged in/';
@@ -22,6 +22,8 @@ my $t;
 $t += checkCmd( "./check_users 1000 1000", 0, $successOutput );
 $t += checkCmd( "./check_users    0    0", 2, $failureOutput );
+$t += checkCmd( "./check_users -w 0:1000 -c 0:1000", 0, $successOutput );
+$t += checkCmd( "./check_users -w 0:0 -c 0:0", 2, $failureOutput );
 exit(0) if defined($Test::Harness::VERSION);
 exit($tests - $t);
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index d93a0ecf..5984d489 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -186,21 +186,21 @@ SKIP: {
        $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
        is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
-        is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar  3 21:41:00 2019.', "output ok" );
+        is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar  3 21:41:28 2019 +0000.', "output ok" );
        $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
        is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
-        like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:00 2019\)./', "output ok" );
+        like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:28 2019 \+0000\)./', "output ok" );
        # Expired cert tests
        $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
        is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
-        like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:00 2019\)./', "output ok" );
+        like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:28 2019 \+0000\)./', "output ok" );
        $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
        is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
        is( $result->output,
-                'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar  5 00:13:00 2009.',
+                'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar  5 00:13:16 2009 +0000.',
                "output ok" );
 }
diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t
index 2fd033d2..73a68b20 100755
--- a/plugins/tests/check_snmp.t
+++ b/plugins/tests/check_snmp.t
@@ -128,7 +128,7 @@ sleep 1;
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
 is($res->return_code, 1, "WARNING - due to going above rate calculation" );
-is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666 ");
+is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666;600 ");
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
 is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" );
@@ -209,7 +209,7 @@ is($res->output, 'SNMP OK - "stringtests" | ', "OK as inverted string no match"
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.12 -w 4:5" );
 is($res->return_code, 1, "Numeric in string test" );
-is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5 ', "WARNING threshold checks for string masquerading as number" );
+is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5;4:5 ', "WARNING threshold checks for string masquerading as number" );
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.13" );
 is($res->return_code, 0, "Not really numeric test" );
@@ -225,29 +225,29 @@ is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check w
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 0, "Negative integer check OK" );
-is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2 ', "Negative integer check OK output" );
+is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2;-2:;-3: ', "Negative integer check OK output" );
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 1, "Negative integer check WARNING" );
-is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3 ', "Negative integer check WARNING output" );
+is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3;-2:;-3: ', "Negative integer check WARNING output" );
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 2, "Negative integer check CRITICAL" );
-is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4 ', "Negative integer check CRITICAL output" );
+is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4;-2:;-3: ', "Negative integer check CRITICAL output" );
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -3: -c -6:" );
 is($res->return_code, 1, "Negative integer as string, WARNING" );
-is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, WARNING output" );
+is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-3:;-6: ', "Negative integer as string, WARNING output" );
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -2: -c -3:" );
 is($res->return_code, 2, "Negative integer as string, CRITICAL" );
-is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, CRITICAL output" );
+is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-2:;-3: ', "Negative integer as string, CRITICAL output" );
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c ~:-6.5" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c '~:-6.5'" );
 is($res->return_code, 0, "Negative float OK" );
-is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float OK output" );
+is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;~:-6.5 ', "Negative float OK output" );
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w ~:-6.65 -c ~:-6.55" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w '~:-6.65' -c '~:-6.55'" );
 is($res->return_code, 1, "Negative float WARNING" );
-is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float WARNING output" );
+is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;~:-6.65;~:-6.55 ', "Negative float WARNING output" );
diff --git a/plugins/utils.c b/plugins/utils.c
index 58b153d8..231af92b 100644
--- a/plugins/utils.c
+++ b/plugins/utils.c
@@ -144,8 +144,6 @@ usage5 (void)
 void
 print_revision (const char *command_name, const char *revision)
 {
-        char plugin_revision[STRLEN];
        printf ("%s v%s (%s %s)\n",
                 command_name, revision, PACKAGE, VERSION);
 }
@@ -630,3 +628,84 @@ char *fperfdata (const char *label,
        return data;
 }
+char *sperfdata (const char *label,
+ double val,
+ const char *uom,
+ char *warn,
+ char *crit,
+ int minp,
+ double minv,
+ int maxp,
+ double maxv)
+{
+        char *data = NULL;
+        if (strpbrk (label, "'= "))
+                xasprintf (&data, "'%s'=", label);
+        else
+                xasprintf (&data, "%s=", label);
+        xasprintf (&data, "%s%f", data, val);
+        xasprintf (&data, "%s%s;", data, uom);
+        if (warn!=NULL)
+                xasprintf (&data, "%s%s", data, warn);
+        xasprintf (&data, "%s;", data);
+        if (crit!=NULL)
+                xasprintf (&data, "%s%s", data, crit);
+        xasprintf (&data, "%s;", data);
+        if (minp)
+                xasprintf (&data, "%s%f", data, minv);
+        if (maxp) {
+                xasprintf (&data, "%s;", data);
+                xasprintf (&data, "%s%f", data, maxv);
+        }
+        return data;
+}
+char *sperfdata_int (const char *label,
+ int val,
+ const char *uom,
+ char *warn,
+ char *crit,
+ int minp,
+ int minv,
+ int maxp,
+ int maxv)
+{
+        char *data = NULL;
+        if (strpbrk (label, "'= "))
+                xasprintf (&data, "'%s'=", label);
+        else
+                xasprintf (&data, "%s=", label);
+        xasprintf (&data, "%s%d", data, val);
+        xasprintf (&data, "%s%s;", data, uom);
+        if (warn!=NULL)
+                xasprintf (&data, "%s%s", data, warn);
+        xasprintf (&data, "%s;", data);
+        if (crit!=NULL)
+                xasprintf (&data, "%s%s", data, crit);
+        xasprintf (&data, "%s;", data);
+        if (minp)
+                xasprintf (&data, "%s%d", data, minv);
+        if (maxp) {
+                xasprintf (&data, "%s;", data);
+                xasprintf (&data, "%s%d", data, maxv);
+        }
+        return data;
+}
diff --git a/plugins/utils.h b/plugins/utils.h
index 4c4aaccc..a436e1ca 100644
--- a/plugins/utils.h
+++ b/plugins/utils.h
@@ -94,29 +94,17 @@ const char *state_text (int);
 #define max(a,b) (((a)>(b))?(a):(b))
 #define min(a,b) (((a)<(b))?(a):(b))
-char *perfdata (const char *,
+char *perfdata (const char *, long int, const char *, int, long int,
- long int,
+                int, long int, int, long int, int, long int);
- const char *,
- int,
+char *fperfdata (const char *, double, const char *, int, double,
- long int,
+                 int, double, int, double, int, double);
- int,
- long int,
+char *sperfdata (const char *, double, const char *, char *, char *,
- int,
+                 int, double, int, double);
- long int,
- int,
+char *sperfdata_int (const char *, int, const char *, char *, char *,
- long int);
+                     int, int, int, int);
-char *fperfdata (const char *,
- double,
- const char *,
- int,
- double,
- int,
- double,
- int,
- double,
- int,
- double);
 /* The idea here is that, although not every plugin will use all of these, 
   most will or should.  Therefore, for consistency, these very common