--- squid-3.2/src/comm/TcpAcceptor.cc.bak	2012-12-03 13:27:20.961364778 +0200
+++ squid-3.2/src/comm/TcpAcceptor.cc	2013-05-01 07:48:00.046286162 +0300
@@ -51,6 +51,12 @@
 #include <netinet/tcp.h>
 #endif
 
+/* accept4 */
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+#include <sys/socket.h>
+
 CBDATA_NAMESPACED_CLASS_INIT(Comm, TcpAcceptor);
 
 Comm::TcpAcceptor::TcpAcceptor(const Comm::ConnectionPointer &newConn, const char *note, const Subscription::Pointer &aSub) :
@@ -305,7 +311,8 @@ Comm::TcpAcceptor::oldAccept(Comm::Conne
     details->local.InitAddrInfo(gai);
 
     errcode = 0; // reset local errno copy.
-    if ((sock = accept(conn->fd, gai->ai_addr, &gai->ai_addrlen)) < 0) {
+    if ((sock = accept4(conn->fd, gai->ai_addr, &gai->ai_addrlen,
+                        SOCK_CLOEXEC | SOCK_NONBLOCK)) < 0) {
         errcode = errno; // store last accept errno locally.
 
         details->local.FreeAddrInfo(gai);
@@ -357,10 +364,6 @@ Comm::TcpAcceptor::oldAccept(Comm::Conne
     F->local_addr = details->local;
     F->sock_family = details->local.IsIPv6()?AF_INET6:AF_INET;
 
-    // set socket flags
-    commSetCloseOnExec(sock);
-    commSetNonBlocking(sock);
-
     /* IFF the socket is (tproxy) transparent, pass the flag down to allow spoofing */
     F->flags.transparent = fd_table[conn->fd].flags.transparent; // XXX: can we remove this line yet?
 
--- squid-3.2/src/comm.cc.bak	2012-12-03 13:20:50.504617964 +0200
+++ squid-3.2/src/comm.cc	2013-05-01 08:02:23.564749056 +0300
@@ -516,6 +516,7 @@ comm_openex(int sock_type,
 {
     int new_socket;
     struct addrinfo *AI = NULL;
+    int hackflags = 0;
 
     PROF_start(comm_open);
     /* Create socket for accepting new connections. */
@@ -528,7 +529,9 @@ comm_openex(int sock_type,
 
     debugs(50, 3, "comm_openex: Attempt open socket for: " << addr );
 
-    new_socket = socket(AI->ai_family, AI->ai_socktype, AI->ai_protocol);
+    if (!(flags & COMM_NOCLOEXEC)) hackflags |= SOCK_CLOEXEC;
+    if (flags & COMM_NONBLOCKING) hackflags |= SOCK_NONBLOCK;
+    new_socket = socket(AI->ai_family, AI->ai_socktype | hackflags, AI->ai_protocol);
 
     /* under IPv6 there is the possibility IPv6 is present but disabled. */
     /* try again as IPv4-native if possible */
@@ -637,10 +640,10 @@ comm_apply_flags(int new_socket,
     assert(new_socket >= 0);
     assert(AI);
     const int sock_type = AI->ai_socktype;
-
+#if 0
     if (!(flags & COMM_NOCLOEXEC))
         commSetCloseOnExec(new_socket);
-
+#endif
     if ((flags & COMM_REUSEADDR))
         commSetReuseAddr(new_socket);
 
@@ -670,13 +673,13 @@ comm_apply_flags(int new_socket,
             return -1;
         }
     }
-
+#if 0
     if (flags & COMM_NONBLOCKING)
         if (commSetNonBlocking(new_socket) == COMM_ERROR) {
             comm_close(new_socket);
             return -1;
         }
-
+#endif
 #ifdef TCP_NODELAY
     if (sock_type == SOCK_STREAM)
         commSetTcpNoDelay(new_socket);