TWI225736B - Mobile network agent - Google Patents

Publication number
TWI225736B
Authority
TW
Taiwan
Prior art keywords
mobile
network
agent
mobile device
network system
Application number
TW92128761A
Other languages
Chinese (zh)
Other versions
TW200515729A (en)
Inventor
Jan-Ming Ho
Chun-Hsin Wu
An-Tzung Cheng
Chih-Chung Huang
Original Assignee
Academia Sinica
Application filed by Academia Sinica
Priority to TW92128761A
Application granted
Publication of TWI225736B
Publication of TW200515729A

Abstract

A mobile network agent is installed in any network system. The mobile network agent automatically obtains the identification information of a mobile device that requests to establish a connection with the network system and authenticates the identity of the mobile device. The authentication information is sent to the network system and to the home network or the virtual private network (VPN) server of the mobile device. Communication packets coming from the home network or the VPN are received directly by the mobile network agent and forwarded to the mobile device. Conversely, communication packets coming from the mobile device are sent through the mobile network agent to the home network or the VPN, which processes them. Under the present invention, even if the mobile device or its home network does not have the mobile network agent installed, the mobile device can roam from network to network through a network system in which the mobile network agent of this invention is installed.

Description

1225736 V. Description of the invention (1)

1. [Technical field of the invention]

The present invention relates to a mobile network agent, and in particular to a mobile network agent that lets a mobile device roam between different IP network segments while still maintaining good communication quality.

2. [Prior art]

With the development of Internet and mobile communication technologies, using a mobile device with mobile computing capability to connect to a wireless network system and reach the Internet to access needed information has become an increasingly important application. Various technologies that let portable devices, such as notebook computers and personal digital assistants, roam between network systems or IP network segments have emerged in response. Specifications and standards have also been drawn up internationally to meet this urgent need, for example the IEEE 802.1X standard.

Currently available mobile device roaming technologies are mainly built on the so-called AAA architecture (Authentication, Authorization and Accounting infrastructure), which carries the roaming information exchange protocol between the operators to which the mobile device connects. Under this architecture, when a mobile device connects to any network system, it must establish a connection and obtain authentication and authorization. When it leaves that system and enters the range of another network system (a so-called network segment), it must disconnect from the previous system, connect to the next one, and obtain authentication and authorization again before it can perform the same network information access. This disconnect-and-reconnect process is time-consuming, and information access in progress before the disconnection may be interrupted and cannot be retrieved or resumed, causing inconvenience.

In addition, a mobile device of the conventional art must be authenticated and authorized by its home network before roaming, or it cannot connect to a foreign network while roaming. If it has not obtained an IP address from its home network system, it cannot connect to the network system that provides the roaming service to access information.

Where the network system has a firewall, IP addresses may collide as a result of roaming, for example when two or more mobile devices that use the same IP address but come from different home network systems connect to one network system at the same time. Confusion then results: at best a warning is raised, at worst the correctness of information access is affected. Some network services cannot be used at all when an IP address collision occurs.

Despite these difficulties, using a conventional mobile device roaming service in any case requires installing an identity authentication device or software on the mobile device before the identity authentication procedure for roaming can be carried out. This adds inconvenience to mobile device roaming applications.

There is therefore a need for a novel mobile network agent that can be installed on the network system side to automatically identify the mobile device and provide the mobile device roaming service.

There is also a need for a mobile network agent that lets a mobile device with no network roaming identification tool installed roam conveniently.

There is also a need for a mobile network agent that spares mobile devices the repeated authentication and authorization procedures when roaming between networks.

There is also a need for a mobile network agent that prevents communication from being interrupted when a mobile device changes the network system it is connected to.

3. [Summary of the invention]

An object of the present invention is to provide a novel mobile network agent that can be installed on the network system side to automatically identify the mobile device and provide the mobile device roaming service.

An object of the present invention is also to provide a mobile network agent that lets a mobile device with no network roaming identification tool installed roam conveniently.

An object of the present invention is also to provide a mobile network agent that spares mobile devices the repeated authentication and authorization procedures when roaming between networks.

An object of the present invention is also to provide a mobile network agent that prevents communication from being interrupted when a mobile device changes the network system it is connected to.

According to the present invention, a mobile network agent is provided that can be installed in any kind of network system. The agent automatically reads the identity of a mobile device, automatically notifies the network system of the device's IP address and of the network address at which the mobile network agent resides, and sends them to the device's home network system or virtual private network (VPN) server. Communication packets coming from the home network system or its VPN server are received directly by the mobile network agent and forwarded to the mobile device. Likewise, communication packets that the mobile device sends back to its home network are sent through the mobile network agent to the home network or VPN server, which performs the necessary processing. The mobile network agent of the present invention does not need to be installed in the mobile device, nor in the mobile device's home network system. Any network system only needs to install the mobile network agent to let a mobile device with no roaming identification tool installed roam between networks.

The above and other objects and advantages of the present invention will become clearer from the following detailed description and the drawings.

4. [Embodiments]

The mobile network agent of the present invention is described below with reference to the drawings.

Figure 1 is a schematic diagram of a network system. In the figure, (10) is the home network to which the mobile device (90) belongs. It includes a virtual private network (VPN) server (11), a gateway (12), a mobile agent (13), a number of communication nodes (correspondence node, CN) (14) and a printer (15), and may include other computers and communication equipment, which together form a network system. The mobile device (90) has a registered address (account) in its home network (10) and a registered user number on the VPN server (11); the gateway (12) and the VPN server (11) have Internet IP addresses.

As Figure 1 shows, the mobile device (90) was originally connected to a first foreign network (20) and moves from that connection to a connection with a second foreign network (30). Each foreign network (20) (30) may or may not have a VPN server (31), a gateway or router (22) (32), a mobile agent (23) (33), communication nodes (24) (34), and so on. The network also contains a number of other communication nodes (44). In the figure, the lightning symbol represents a connection and arrow A represents the transfer of the connection.

The mobile network agents (23) (33) of the present invention provide the roaming service for the mobile device (90). Figure 2 shows a system diagram of the mobile agent of the present invention.

As Figure 2 shows, the mobile network agent (50) of the present invention sits between a mobile device (40) and a network system (60) and has: a mobile device identification module (51), which, when the mobile device (40) requests a connection to the network system (60), captures the authentication information exchanged between the mobile device and the VPN server of its home network and so obtains its identity information; an information packet transmission module (52), which sends and receives the information that the mobile device (40) exchanges with the outside through the network system (60); a mobile agent connection module (53), which establishes a communication channel with the home network's mobile network agent when the home network of the mobile device (40) has one; a network segment handoff processing module (54), which obtains the address of the network system the mobile device was previously connected to when the device establishes a connection; and an IP conflict processing module (55), which separates the data flows when the IP address or account of the mobile device is the same as the IP address of another computer device or system. Each is described below.

Mobile device identification module

The mobile device identification module (51) of the mobile network agent automatically obtains the identity information of the mobile device (90). In one example of the invention, the mobile device identification module (51) captures the identity authentication information when the mobile device (90) establishes a connection with the VPN server (11) of the home network (10). In practice this can be done by monitoring network packets: when the mobile device (90) connects and asks the VPN server (11) of its home network (10) to authenticate it, the mobile network agent (50) is started and monitors the network packets. When the VPN server (12) replies to the mobile device (90) with the authentication result packet, the authentication status information can be obtained. For example, in a PPTP (Point-to-Point Tunneling Protocol) VPN, the VPN server uses PPP (Point-to-Point Protocol) to carry the authentication data and result. Because this packet is not encrypted, the mobile device identification module (51) can read its content, record it, and use this identity data for its control.

In other examples of the invention, the mobile device identification module (51) uses SNMP (Simple Network Management Protocol) to query the user authentication status. In this mode the VPN server (11) can be queried by polling or by trap. Alternatively, the VPN server (11) can provide an interface through which the mobile device identification module (51) of the mobile agent queries the authentication status of the mobile device (90), or a VPN server can be built directly into the mobile agent. All of these achieve a similar effect.

In the application scenario, the mobile device (90) connects not on the home network (10) but on the first foreign network (20). The mobile device (90) and the first foreign network (20) connect using the communication protocol of an ordinary network system.

Because the first foreign network (20) has a mobile network agent (23), the mobile device identification module (51) of that agent (23) captures the network packets exchanged between the mobile device (90) and the VPN server (12) of its home network (10), identifies the device, and records its identity. In this case the mobile network agent (23) uses proxy ARP (Address Resolution Protocol) to steer the communication packets of the mobile device (90).

Information packet transmission module

The information packet transmission module (52) of the present invention sends and receives information packets on behalf of the mobile device (90).

Figure 3 is a schematic diagram of a communication mode applicable to the mobile network agent of the present invention. As Figure 3 shows, mobile network agents (13) and (23) are installed in both the home network (10) of the mobile device (90) and the first foreign network (20). Communication between the mobile device (90) and the external communication node (44) passes through the VPN server (11) of the home network (10); the information sent and received is decapsulated information.

External communication nodes (44) applicable to the invention include any Web server, FTP server and the like. Packets received from the mobile device (90) can be identified by the IP address that the VPN server (11) assigns to the VPN client. This IP address can be assigned by the VPN server (11) after the mobile device (90) completes its connection. However, this IP address may also be translated into another IP address by network address translation.

Packets sent by the external communication node (44) to the mobile device (90) are delivered, under ordinary IP routing rules, to the mobile agent (13) of the home network (10). The home network (10) then forwards them to the first foreign network (20), where the information packet transmission module of its mobile agent (23) delivers them to the mobile device (90).

In the example of Figure 3, communication between the mobile device (90) and the VPN server (11) passes through the foreign mobile agent (23) and the mobile agent (13) of the home network (10). Between the mobile device (90) and the mobile agent (13) of the home network (10), VPN tunneling therefore serves as the communication channel. Applicable methods include PPTP tunneling and the like. This layer of tunneling is encapsulated and decapsulated by the mobile device (90) and the mobile agents (23) (13).

In addition, because communication between the mobile device (90) and the VPN server (11) of the home network (10) passes through the foreign mobile agent (23) and the home mobile agent (13), mobile IP tunneling can be used between the two mobile agents (23) (13). Applicable methods include IP-in-IP tunneling or GRE (Generic Routing Encapsulation) tunneling. This layer of tunneling is encapsulated by the mobile agents (23) (13) on both sides.

With this design, when the mobile device (90) connects through the first foreign network (20) to the VPN server (11) of its home network (10), the mobile network agents (23) (13) on both sides can automatically detect the request and take it over. The mobile agents (23) (13) learn the authentication information by monitoring the connection packets and then establish the connection. Communication between the mobile device (90) and the VPN server (11) of its home network, and even the external communication node (44), all passes through the information packet transmission modules (52) of the mobile agents (23) (13).

Mobile agent connection module

The mobile network agent of the present invention provides a mobile agent connection module (53) that establishes a direct communication channel when the home network (10) also has a mobile agent (13).

One applicable way for the two mobile agents (23) (13) to establish a connection is as follows. The foreign mobile agent (23) sends a location update control message whose destination is the IP address of the mobile device (90) in its home network (10). Under IP routing rules, the control message is delivered to the home network (10). The mobile agent (13) on the home network (10) uses the same monitoring method, for example proxy ARP, to intercept the control message. The two agents can then establish a connection, and the mobile device does not need to provide any additional information to the foreign mobile agent (23).

Network segment handoff processing module

The network segment handoff processing module (54) carries out the handoff between network segments. Figure 1 also shows the mobile device (90) disconnecting from the first foreign network (20) and connecting to the second foreign network (30).

If the mobile device (90) uses DHCP (Dynamic Host Configuration Protocol) to obtain its IP address on the home network (10), then each time a handoff between network segments occurs the mobile device (90) may send a DHCP request or DHCP discover (a service discovery message) to obtain a new dynamic IP assignment. In the present invention, the mobile agent (33) can use the DHCP server (not shown) in its network system (30), or its own built-in DHCP server, to handle the handoff so that the mobile device (90) keeps obtaining and using the same dynamic IP address.

Other ways of keeping the mobile device (90) on its original dynamic IP address, so that it does not lose its connection, are also feasible.

If the mobile agent (33) of the second foreign network (30) can learn from the mobile device's DHCP request the DHCP IP address of the first foreign network (20) to which the device was previously connected, it sends the DHCP request or DHCP discover to the DHCP server of that first foreign network (20). If the mobile agent (33) of the second foreign network (30) already holds information on the previous DHCP server of the mobile device (90), for example because the mobile device (90) once moved from a connection on this second foreign network (30) to another foreign network and connected to that network's mobile agent, then the mobile agent (33) of the second foreign network (30) can also find it out by querying other mobile agents, and forward the DHCP request or DHCP discover to the previous DHCP server. Of course, the mobile agent (33) may also omit forwarding the DHCP request and discover back to the first foreign network (20).
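The decision the handoff module of the agent (33) makes on a DHCP request, including the fallback cases the next paragraph describes, as an added example that is not code from the patent. `HandoffAgent`, `Decision`, `build_request` and the sample addresses are hypothetical, and mapping the page's "requested IP" and previous server address to RFC 2132 options 50 and 54 is an assumption.

```python
import ipaddress
import socket
from dataclasses import dataclass

# RFC 2132 option codes. The page names no option numbers; using options 50
# and 54 for the requested IP and the previous server is an assumption.
OPT_PAD, OPT_REQUESTED_IP, OPT_SERVER_ID, OPT_END = 0, 50, 54, 255
MAGIC_COOKIE = bytes([99, 130, 83, 99])
BROADCAST = "255.255.255.255"


def parse_dhcp(payload: bytes):
    """Return (client MAC, {option code: raw value}) from a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    hlen = payload[2]
    if hlen > 16:
        raise ValueError("bad hardware address length")
    mac = payload[28:28 + hlen].hex(":")
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        options[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return mac, options


def _ip(raw):
    """Dotted-quad string for a 4-byte option value, else None."""
    return socket.inet_ntoa(raw) if raw is not None and len(raw) == 4 else None


@dataclass(frozen=True)
class Decision:
    action: str         # "forward", "assign-requested" or "assign-new"
    address: str        # previous DHCP server, or the address handed to the device
    vpn_survives: bool  # False when the device must rebuild its VPN session


class HandoffAgent:
    """Hypothetical model of the agent (33) on the network the device moves to."""

    def __init__(self, pool_cidr, peer_lookup=lambda mac: None):
        self._pool = iter(ipaddress.ip_network(pool_cidr).hosts())
        self._previous_server = {}       # client MAC -> DHCP server it last used
        self._peer_lookup = peer_lookup  # stands in for querying other agents

    def decide(self, payload: bytes, dst_ip: str = BROADCAST) -> Decision:
        mac, opts = parse_dhcp(payload)
        # 1. The request itself identifies the previous server: option 54, or
        #    the unicast destination of a renewal.
        server = _ip(opts.get(OPT_SERVER_ID)) or (dst_ip if dst_ip != BROADCAST else None)
        # 2. Otherwise use what this agent remembers, then ask peer agents.
        server = server or self._previous_server.get(mac) or self._peer_lookup(mac)
        if server:
            self._previous_server[mac] = server
            return Decision("forward", server, True)
        # 3. Server unknown, but the device names the address it wants: assign it.
        requested = _ip(opts.get(OPT_REQUESTED_IP))
        if requested:
            return Decision("assign-requested", requested, True)
        # 4. Nothing to go on: hand out a new address; the VPN session breaks.
        return Decision("assign-new", str(next(self._pool)), False)


def build_request(mac: str, options: dict) -> bytes:
    """Constructed sample input: a minimal DHCP payload carrying IPv4 options."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    head = bytes([1, 1, 6, 0]) + bytes(24) + chaddr + bytes(192) + MAGIC_COOKIE
    body = b"".join(bytes([code, 4]) + socket.inet_aton(ip) for code, ip in options.items())
    return head + body + bytes([OPT_END])
```
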

Conversely, the mobile agent (33) of the second foreign network (30) may be unable to learn which DHCP server the device previously used, yet able to obtain the dynamic IP address the mobile device previously held, for example when the DHCP request sent by the mobile device (90) carries the requested-IP option. In that case the network agent (33) can take the place of the previous DHCP server and continue to assign the requested IP address to the mobile device (90). Otherwise, the network agent (33) can assign a new IP address to the mobile device (90). The mobile device's VPN connection and authorization are then interrupted, and it must reconnect.

When the DHCP server of the first foreign network (20) receives the DHCP request or discover passed on by the DHCP of the second foreign network (30), it can extend the lease of the IP address used by the mobile device (90) under the generally applicable rules.

In another example of the invention, the home network (10) to which the mobile device (90) belongs has no mobile agent (13). In this case, when the mobile device (90) connects to the first foreign network (20), the mobile device identification module (51) of its mobile agent (23), on detecting this, can actively obtain the authorization information of the mobile device (90) from the home network to which the mobile device (90) belongs, and use the information obtained to provide the roaming service of the invention. Under this design, the mobile device (90) does not need to register additionally or provide an account on the first foreign network (20); it can use its account in the home network (10) and obtain authorization on the first foreign network (20) to use network resources.

However, because there is no mobile agent on the home network (10) that can perform mobile IP tunneling, the mobile agent (23) must act as the temporary home network agent of the mobile device (90) so that the mobile device (90) can keep communicating after it moves to the second foreign network. All communication packets of the mobile device (90) are then carried between that mobile agent and the mobile agent (33) by mobile IP tunneling.

If the mobile device (90) uses an IP address of the home network rather than an IP address on the first foreign network (20), the mobile agent (23) can use NAT (network address translation) so that the mobile device (90) can connect normally to the VPN server (11) of the home network.

The mobile device (90) can also use an IP address on the first foreign network (20), for example one obtained through DHCP from the DHCP server on the first foreign network (20).

In either case, communication between the mobile device (90) and the VPN server (11) of the home network is forwarded through the mobile agent (23).

IP conflict processing module

The mobile network agent of the present invention has an IP conflict processing module (55) that resolves the conflict when the IP address, or another account or code, of the mobile device duplicates the IP address, account or code of another computer device.

Because the mobile device (90) uses the IP address given by its home network (20), an IP collision may occur when two different mobile devices connect to one foreign network at the same time. The mobile agent of the present invention resolves IP collisions by traffic separation, keeping the traffic of the two mobile devices apart. This separation can use any known method, for example VLAN (Virtual Local Area Network, such as IEEE 802.1Q) technology. Other methods capable of producing an identity code for a mobile device are also applicable to the invention. This is explained as follows.

On the outbound path, information packets sent by the mobile device (90), including layer 2 frames such as ARP (Address Resolution Protocol) messages, are automatically tagged with a VLAN tag or other identity code and carried all the way to the mobile agent, which can determine from the VLAN tag which mobile device sent the packet.

If there are other [...] MAC (media access control) address, these ARP requests are not delivered directly to these two mobile devices; the mobile agent answers these ARP requests instead.

On the inbound path, because the mobile device's external traffic travels over its VPN connection, the mobile agent can easily use the VPN server's IP address to tell apart the VPN traffic forwarded from the home networks for mobile devices that have the same IP address. This is because the two mobile devices [...] VPN server. A mobile device should therefore be identified by "home-network VPN server IP address" plus "home-network IP address", rather than by the home-network IP address alone.

If the home-network IP address of a mobile device collides with the IP of another mobile device's DNS (Domain Name System) server or gateway, for example when one mobile device's IP address happens to be the IP address of another mobile device's DNS, VLANs can likewise be used to separate the traffic of the mobile devices whose IPs collide.

If the home-network IP address of a mobile device happens to be the mobile agent's IP address, the mobile agent must use a VLAN to isolate that mobile device's traffic. When the mobile device sends an ARP request to detect whether this IP is already in use, the mobile agent should not reply. For this mobile device, the mobile agent must

△ ” 叩乂眉捣4 (maSquerade )成其他不衝突& IP 上圖顯_示本發明行動網路代理器處理1]?衝突流程圖。 (2日:所:’於(4 〇 1 )第1行動裝置首先進入外界網路 p〇int ) 尚未^成網路授權前,無線網路進出點(Access 置的網路^包路交換器會使用預設’UN 〇來傳送第1行動裝 位置更新與上路尸)權後外,”外罔路代理為與原網路代理器完成 以VLAN丨來傳送第丨:動裝: = 包進出點或交換器將 當於U04)使用相_位址的第2行動裝置也進入此外△ ”" MaSquerade "into other non-conflicting & IP The above figure shows the mobile network agent processing 1] of the present invention? Conflict flow chart. (2nd: All: 'Yu (4 〇1) The first mobile device first enters the external network (pint). Before the network authorization is established, the wireless network access point (the network set by the Access ^ packet switch will use the default 'UN 〇' to send the first mobile device). After the location update and on-the-road corps) rights, the "outer route agent" will complete the transmission with the VLAN of the original network agent. 丨: Dynamic equipment: = The packet entry / exit point or switch will be used as U04). The second mobile device at the address also entered

第19頁 1225736 五、發明說明(14) 界網路後,相同地,在未完成網路授權前,第2行動裝置的 網路封包會使用VLAN 0。此時雖然兩個行動裝置使用相同的 I p位址,但因為所處的VLAN不同,因此彼此的網路通訊不會 互相干擾。 於(4 0 5 )第2行動裝置也完成了位置更新與網路授權, 外界網路將於(4 0 6 )分派一個不會發生丨p衝突的VUN給第2 行動裝置。以本圖為例,因為外界網路知道第丨行動裝置在 VLAN 1,因此分派VLAN 2給第2行動裝置。 VLAN ( IEEE 8 0 2· 1Q )的用途主要用來讓一個實體的區域網 路能夠被分隔成多個虛擬的區域網路。雖然兩行動裝置處在 相同的實體網路中,作VI A Μ从处m , V LAN的使用可以分流這兩個行動裝置 的網路封包,並將之分陪太 1网在不同的區域網路,以避免互相干 根據 IEEE 802. 1 Q, 一個行動代理器而言, 的行動裝置。 由於VLAN tag最大到40 96,因此對 最多可以允許4 0 9 6個使用相同I P位址 五、【發明之效果】 利用本發明之行曹ΛPage 19 1225736 V. Description of the invention (14) After the network is bound, similarly, before the network authorization is completed, the network packet of the second mobile device will use VLAN 0. At this time, although the two mobile devices use the same IP address, they will not interfere with each other's network communication because they are in different VLANs. At (405) the second mobile device also completed the location update and network authorization. The external network will (4) assign a VUN that will not conflict with the second mobile device. Take this figure as an example, because the external network knows that the second mobile device is in VLAN 1, it assigns VLAN 2 to the second mobile device. The purpose of VLAN (IEEE 802 · 1Q) is mainly to enable a physical area network to be divided into multiple virtual area networks. Although the two mobile devices are in the same physical network, as VI A Μ from the source m, the use of V LAN can offload the network packets of these two mobile devices and accompany them to the same network in different regional networks. In order to avoid interfering with each other according to IEEE 802.1 Q, a mobile agent is a mobile device. Since the maximum VLAN tag is 40 96, the same IP address can be used for a maximum of 4 0 6 5. [Effect of the invention] Utilizing the trip of the present invention Cao Λ

Ip suhnpt # ^ π 、、同路代理器,不論行動裝置跑到那布 A f s u b n e t,都能夠保拉社 取網路資訊。行動裝置、i使用屬於原網路系統的1P位址來术 的通訊並不會因此^ ^不同的外界網路系統間移動,原琴 訊的通信節點都不需^需重新連線,所有正與行動裝置3 動裝詈力丁门认从田、仃動裝置已經不在原網路系統。个 & 1隹不同的外界網敗 $有的VPN連線不需要斷線再重連,Ip suhnpt # ^ π, the same agent, no matter the mobile device goes to that cloth A f s u b n e t, can be Paula network information. The mobile device and i use the 1P address belonging to the original network system for communication. This does not mean that ^ ^ different external network systems move between the original network communication nodes do not need to reconnect, all With the mobile device 3, the mobile device is not able to recognize the subordinates, and the mobile device is no longer on the original network system. &Amp; 1 隹 Different external networks fail $ Some VPN connections do not need to be disconnected and reconnected,

段改#,伯"如壯$ 崎糸統間移動後,雖然外在的IP網 人夂’但灯動裝置上 第20頁 1225736 五、發明說明(15) -" "-- 而且能夠快速地完成網路交替動作,保持連線狀態。 適用於本發明之行動裝置可以是一般行動裝置平台,。 要能支援IP網路協定以及VPN應用協定,就可以使用本發明、 之行動網路代理器,不需要更新軟體功能,或仰賴支援特殊 通訊協定。以PC、筆記型電腦為例,Mlcr〇s〇ft Wind〇ws、 UNIX-like OS、MAC 〇S 等都能使用。以PDA 為例,pALM 〇s、 Microsoft WlnCE以及Llnux等都可使用。以行動電話裝置 吕,只要能存取IP網路及VPN連線,都可以使用。 本發明之^亍動代王军哭、Γ 分,除了建立卿連\二可以自動識別並確認使用者的身 身分認證程序。使用7者過沾程外,使用者不需另外進行或提供< 動裝置已經建立與片::通訊也可以獲得加密保護。-旦行 動到不同的網路或進=系統的VPN連線,無論行動裂置移 會自動識別並確認使用丁:線細胞(cen )交替,行動代理器 提供身分認證程序。 的身分,使用者不需要另外進行或 【元件符號表】 10 原網路系統 11 虛擬私人網路伺服器 12 網路閘道器段 改 # , 伯 " After moving between rugged and rugged systems, although the external IP network is stunned, but on the moving device, page 20 1225736 V. Invention description (15)-" "-and It can quickly complete the network alternate action and keep the connection status. The mobile device applicable to the present invention may be a general mobile device platform. In order to support the IP network protocol and VPN application protocol, the mobile network agent of the present invention can be used without updating software functions or relying on supporting special communication protocols. Taking PC and notebook as examples, Mcr0s〇ft Wind 0ws, UNIX-like OS, MAC 0S, etc. can be used. Taking PDA as an example, pALM 0s, Microsoft WlnCE, and Llnux can be used. With a mobile phone device, you can use it as long as you can access the IP network and VPN connection. According to the present invention, in addition to crying for Wang Jun and Γ points, in addition to establishing a clear link, the user can automatically identify and confirm the user's identity authentication procedure. In addition to the use of 7 users, users do not need to perform additional or provide a mobile device: and communication: communication can also be encrypted. 
-Once you move to a different network or a VPN connection to the system, regardless of the mobile splitting, it will automatically identify and confirm the use of Ding: Line Cell (cen) alternately, and the mobile agent provides the identity authentication process. User ’s identity, users do n’t need to do it separately or [component symbol table] 10 original network system 11 virtual private network server 12 network gateway

13 行動網路代理哭 14 通信節點 15 印表機 2 0 第1外界網路系統13 Mobile network agent crying 14 Communication node 15 Printer 2 0 1st external network system

第21頁Page 21

1225736 五、發明說明(16) 22 網 路 閘 道 器 或 路 由 器 23 行 動 網 路 代 理 器 24 通 信 々斤 即 點 30 第2外界網路系統 31 伺 服 器 32 網 路 閘 道 器 或 路 由 器 33 行 動 網 路 代 理 器 34 通 信 即 點 40 行 動 裝 置 44 其 他 通 信 khz 即 點 50 行 動 網 路 代 理 器 51 行 動 裝 置 辨 識 模 組 52 資 訊 封 包 傳 輸 模 組 53 行 動 代 理 器 連 線 模 組 54 網 段 交 替 處 理 模 組 55 IP 衝 突 處 理 模 組 60 網 路 系 統 90 行 動 裝 置 99 連 線1225736 V. Description of the invention (16) 22 Network gateway or router 23 Mobile network agent 24 Communication jack 30. Second external network system 31 Server 32 Network gateway or router 33 Mobile network Agent 34 communication point 40 mobile device 44 other communication khz point 50 mobile network agent 51 mobile device identification module 52 information packet transmission module 53 mobile agent connection module 54 network segment processing module 55 IP Conflict Resolution Module 60 Network System 90 Mobile Device 99 Connection

Brief description of the drawings

Figure 1 shows a schematic diagram of a network system.
Figure 2 shows a system diagram of the mobile network agent of the present invention.
Figure 3 shows a schematic diagram of a communication mode applicable to the mobile network agent of the present invention.
Figure 4 shows the flowchart of IP conflict handling by the mobile network agent of the present invention.
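The IP conflict handling of Figure 4 (default VLAN 0 before authorization, a separate VLAN afterwards, and inbound identification by VPN server IP plus original IP), modelled in Python as an added example that is not part of the patent. The class and method names, the sample addresses, the lowest-free-VLAN allocation policy and the 4094 upper bound are assumptions.

```python
from dataclasses import dataclass, field

DEFAULT_VLAN = 0   # VLAN used before network authorization (steps 401, 404)
MAX_VID = 4094     # assumption: 802.1Q VID is 12 bits and 0xFFF is reserved


@dataclass
class Device:
    name: str
    home_ip: str         # address given by the original network system
    vpn_server_ip: str   # VPN server of the original network system
    vlan: int = DEFAULT_VLAN


@dataclass
class ConflictModule:
    """Hypothetical model of the IP conflict processing module (55)."""
    agent_ip: str
    devices: list = field(default_factory=list)

    def attach(self, name, home_ip, vpn_server_ip):
        """An unauthorized device is carried on the default VLAN."""
        dev = Device(name, home_ip, vpn_server_ip)
        self.devices.append(dev)
        return dev

    def authorize(self, dev):
        """After location update and authorization, give the device the
        lowest VLAN no other device holds (assumed allocation policy)."""
        used = {d.vlan for d in self.devices if d is not dev}
        for vid in range(1, MAX_VID + 1):
            if vid not in used:
                dev.vlan = vid
                return vid
        raise RuntimeError("no free VLAN ID left")

    def outbound_sender(self, vlan):
        """Outbound: the VLAN tag alone tells which device sent the frame."""
        if vlan == DEFAULT_VLAN:
            return None  # default VLAN is shared by unauthorized devices
        return next((d for d in self.devices if d.vlan == vlan), None)

    def inbound_target(self, vpn_server_ip, home_ip):
        """Inbound: VPN server IP plus original IP identifies the device;
        the original IP alone may match several devices."""
        hits = [d for d in self.devices
                if (d.vpn_server_ip, d.home_ip) == (vpn_server_ip, home_ip)]
        return hits[0] if len(hits) == 1 else None

    def answers_arp(self, dev, target_ip):
        """The agent answers ARP for its own address, except when the asking
        device owns that same address and is probing whether it is in use."""
        return target_ip == self.agent_ip and dev.home_ip != self.agent_ip


if __name__ == "__main__":
    agent = ConflictModule(agent_ip="192.168.1.1")          # constructed sample
    a = agent.attach("A", "10.0.0.5", "203.0.113.10")
    agent.authorize(a)
    b = agent.attach("B", "10.0.0.5", "198.51.100.20")      # same IP as A
    agent.authorize(b)
    print(a.vlan, b.vlan, agent.inbound_target("198.51.100.20", "10.0.0.5").name)
```

Keying inbound lookups on the original IP alone would return two candidates for 10.0.0.5 here, which is why the description pairs it with the VPN server address.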


Claims (1)

VI. Scope of the patent application

1. A mobile network agent for enabling a mobile device to establish a connection with its home network system through an external network, wherein the external network and the home network can establish a connection, the mobile network agent having:
a mobile device identification module for capturing the authentication information exchanged between the mobile device and its home network system, and thereby obtaining its identity information;
an information packet transmission module for receiving and sending the information packets that the mobile device exchanges with the outside through the external network system;
a mobile agent connection module for establishing a communication channel with the mobile network agent of the mobile device's home network system when that home network system has a mobile network agent;
a network segment handover processing module for obtaining, when the mobile device establishes a connection, the address information of its previously connected network system, and sending update information to that previously connected network system; and
an IP conflict processing module for separating the data flows when the IP address or account of a connected mobile device is the same as the IP address of another computer device or system.

2. The mobile network agent of claim 1, wherein the mobile device identification module is activated when the mobile device requests the external network system to establish a connection.

3. The mobile network agent of claim 1, wherein the mobile device identification module obtains the authentication data when the mobile device establishes a connection with the VPN server of the external network system.

4. The mobile network agent of claim 1, wherein the mobile device identification module obtains the identity information of the mobile device by requesting it from the home network system.

5. The mobile network agent of claim 1, wherein the information packets are transmitted between the mobile agent and another mobile agent provided in the home network system.

6. The mobile network agent of claim 1, wherein the information packets are transmitted between the mobile agent and another mobile agent provided in the home network system through Mobile IP tunneling.

7. The mobile network agent of claim 1, wherein the network segment handover processing module is activated when the mobile device issues a DHCP request or a DHCP service discovery signal.

8. The mobile network agent of claim 7, wherein the network segment handover processing module passes the DHCP request or DHCP service discovery signal to another network system with which the mobile device has established a connection, so as to extend the period during which the mobile device uses the IP address authorized by that other network system.

9. The mobile network agent of claim 1, wherein the IP conflict processing module can generate different identification codes and add them to different mobile devices and other computer devices that have the same IP address, in order to separate their traffic.

10. The mobile network agent of claim 1, wherein the identification code is a VLAN tag.

11. The mobile network agent of claim 1, wherein the identification code is added to the information packets generated by the mobile device.

12. The mobile network agent of claim 1, wherein the identification code is added to the information packets sent to the mobile device.
TW92128761A 2003-10-16 2003-10-16 Mobile network agent TWI225736B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW92128761A TWI225736B (en) 2003-10-16 2003-10-16 Mobile network agent

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW92128761A TWI225736B (en) 2003-10-16 2003-10-16 Mobile network agent

Publications (2)

Publication Number Publication Date
TWI225736B true TWI225736B (en) 2004-12-21
TW200515729A TW200515729A (en) 2005-05-01

Family

ID=34588322

Family Applications (1)

Application Number Title Priority Date Filing Date
TW92128761A TWI225736B (en) 2003-10-16 2003-10-16 Mobile network agent

Country Status (1)

Country Link
TW (1) TWI225736B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8626172B2 (en) 2005-08-10 2014-01-07 Qualcomm Incorporated Method and apparatus for simultaneous communication utilizing multiple wireless communication systems
TWI497945B (en) * 2004-03-24 2015-08-21 皇家飛利浦電子股份有限公司 Distributed beaconing periods for ad-hoc networks
TWI514824B (en) * 2013-05-23 2015-12-21 Mitsubishi Electric Corp A relay device and a communication method selection method and a program product

Also Published As

Publication number Publication date
TW200515729A (en) 2005-05-01

Similar Documents

Publication Publication Date Title
JP4616732B2 (en) Packet transfer device
JP5497901B2 (en) Anonymous communication method, registration method, message sending / receiving method and system
JP4270888B2 (en) Service and address management method in WLAN interconnection
US20090073995A1 (en) Devices and methods for local breakout in a gateway of an access service network
US9203694B2 (en) Network assisted UPnP remote access
JP5987122B2 (en) Network address translated device identification for device specific traffic flow steering
KR101678720B1 (en) Broadband network system and implementation method thereof
KR101640209B1 (en) Apparatus and method for supporting portable mobile VPN service
EP2702785B1 (en) Local access point name for use in accessing packet data networks
WO2011044808A1 (en) Method and system for tracing anonymous communication
WO2009143729A1 (en) Method, system and apparatus for realizing dhcp user service wholesale
KR20140099598A (en) Method for providing service of mobile vpn
KR101901341B1 (en) Method and apparatus for supporting mobility of user equipment
WO2011035667A1 (en) Methods and systems for implementing inter-network roam, querying and attaching network
WO2014101755A1 (en) Service data shunting method and system
WO2013178160A1 (en) Wireless data terminal and ipv4/ipv6 dual stack support method therefor
JP2008066907A (en) Packet communication device
JP5872066B2 (en) Method, apparatus and system for accessing core network by non-3GPP
US20050083883A1 (en) Mobile network agent
CN114125995B (en) Data transmission method and device
WO2007128239A1 (en) System for implementing mobile ipv6 and method for establishing user link in the system
TWI225736B (en) Mobile network agent
JP4344336B2 (en) Multihoming authentication communication system, multihoming authentication communication method, and management server
WO2014107969A1 (en) Method and system for user address allocation in wireless local area network/fixed network interaction
WO2012089030A1 (en) Method, access device and authentication device for network access by multiple access methods

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees