farp: Only remove one tracked entry

Multiple CHILD_SAs sharing the same traffic selectors (e.g. during
make-before-break reauthentication) also have the same reqid assigned.
If all matching entries are removed we could end up without entry even
though an SA exists that still uses these traffic selectors.

Fixes #2373.

diff --git a/src/libcharon/plugins/farp/farp_listener.c b/src/libcharon/plugins/farp/farp_listener.c
index e19fc59721db5173bd6f65accf6050d7ffda1f1e..28ced546ea898f7705c2109bfbfa23377635c35e 100644 (file)
--- a/src/libcharon/plugins/farp/farp_listener.c
+++ b/src/libcharon/plugins/farp/farp_listener.c
@@ -101,6 +101,7 @@ METHOD(listener_t, child_updown, bool,
                                entry->remote->destroy_offset(entry->remote,
                                                                                offsetof(traffic_selector_t, destroy));
                                free(entry);
+                               break;
                        }
                }
                enumerator->destroy(enumerator);