Short Preamble and ieee80211w are broken

[Bima H.]

Hi,
recently I launch hostapd with short_preamble is set to 1 and
ieee80211w is set to 1. Then I perform flood deauthentication attack
to one of the client. The connection of the windows client to ap
retained for some time after then it disconnected (deauthenticated
after some deauth packets are injected). But then I disabled the short
preamble and then there was no disconnection again even if I injected
deauth packets.

There are 2 clients, sony phone wih android 8.0 and windows 10. Only
android has no pmf activated according to iw command, I dont know why.

Interresting things for me, when short_preamble is set to 1 was there,
ALL clients uses short preamble (i saw that from iw dev wlanx station
dump), even if windows client support long. But if short_preamble is
set to 0 or not configured, the android 8.0 STILL uses short preamble,
but windows uses long preamble. Is that normal behavior of hostapd?
Why android is still connected with short preamble even if I disabled
short preamble in hostapd already?

And why the connection of windows client can still be attacked by
disconnection injection if I enable short preamble in hostapd, while
it is not the case if short preamble is deactivated in hostapd?


Bima