Hi, While implementing extended key IDs for IWD I ran into this problem where a second set of rekeys (PTK + GTK) ended up losing broadcast traffic. Figuring it was a bug in my code I tried the same setup with wpa_supplicant + hostapd and ran into the exact same behavior. Monitoring NL80211 I can see there isn't much difference between my implementation and wpa_supplicant, in short both do the following: - Parse the extended key ID KDE from message 3 - Use NEW_KEY with an RX only flag - Send message 4 - Use SET_KEY with TX enable flag The kernel is happy with this, and the first rekey does in fact work. But when I rekey again I lose broadcast. One thing to note is that if I only rekey the PTK I can do this many times (I tried 10 in a row). One thing I noticed is that the PTK key ID toggles between 0 and 1, and the GTK key ID toggles between 1 and 2. They are never the same value at the same time, of course. I'm thinking the kernel has the old PTK and is using that instead of the GTK since the indexes (1) overlap. I can send logs upon request, but large messages need approval and in the past I haven't had much luck with that. Thanks, James _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap