On Sun, Sep 15, 2024 at 08:43:20AM +0000, Otcheretianski, Andrei wrote:
> > Is that not the case? If it is not, how would you propose to resolve this
> > condition?
> >
>
> I think if the STA didn't get an ACK for M4 (or any other message) it should
> handle this by properly maintaining its internal state, rather than relying
> on some specific reason code from the AP, as different APs may behave
> differently.

As far as the question about use of SA Query procedure is concerned, a
non-AP STA can initiate SA Query procedure for any reason at any point
in time in an association where PMF has been negotiated, so there is not
really any issue with the proposed patch from that viewpoint.

It might make sense to accept unprotected Deauthentication and
Disassociation frames at the beginning of an association if no protected
frame has been received from the AP yet. There might not be a convenient
mechanism for determining that detail at the moment, but that would be
kind of nice information to make available in the kernel interface.
Already available information for this could be the combination of the
M4 not being reported as having been ACKed and only a small period of
time having passed from the STA having transmitted it.

-- 
Jouni Malinen                                            PGP id EFC895FA
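
The check suggested in the reply above, sketched as an added example; it is not part of the original message and is not hostap or kernel code. All struct, enum and function names are hypothetical, and the 500 ms window is an assumed value for the "small period of time" the message mentions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; not hostap or kernel identifiers. */
enum deauth_action { DEAUTH_ACCEPT, DEAUTH_START_SA_QUERY };

struct assoc_state {
    bool pmf_negotiated;       /* PMF negotiated for this association */
    bool rx_protected_from_ap; /* a protected frame from the AP was seen */
    bool m4_sent;              /* EAPOL-Key M4 has been transmitted */
    bool m4_acked;             /* TX status reported an ACK for M4 */
    uint64_t m4_tx_ms;         /* monotonic time of the M4 transmission */
};

/* Assumed value; the thread only says "a small period of time". */
#define M4_GRACE_MS 500u

enum deauth_action handle_deauth(const struct assoc_state *s,
                                 bool frame_protected, uint64_t now_ms)
{
    /* No PMF, or a frame that already passed protection checks. */
    if (!s->pmf_negotiated || frame_protected)
        return DEAUTH_ACCEPT;
    /* Before M4 the STA has not started using the new keys, so the
     * AP cannot be expected to protect the frame. */
    if (!s->m4_sent)
        return DEAUTH_ACCEPT;
    /* Early-association case from the message: M4 not reported as
     * ACKed, nothing protected received from the AP yet, and M4 was
     * sent only a short time ago. Frames accepted here are not
     * authenticated, so the window is kept short. */
    if (!s->m4_acked && !s->rx_protected_from_ap &&
        now_ms >= s->m4_tx_ms && now_ms - s->m4_tx_ms <= M4_GRACE_MS)
        return DEAUTH_ACCEPT;
    /* Otherwise keep the association and verify it with SA Query. */
    return DEAUTH_START_SA_QUERY;
}

int main(void)
{
    /* Constructed sample state: PMF on, M4 sent at t=1000 ms, no ACK. */
    struct assoc_state s = { true, false, true, false, 1000 };
    printf("t=1200: %d\n", handle_deauth(&s, false, 1200)); /* accept */
    printf("t=9000: %d\n", handle_deauth(&s, false, 9000)); /* SA Query */
    return 0;
}
```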