The APDU frame length of a Foreign Device Registry Answer message is six bytes long. The IncomingRequestParser.parseApdu() immediately sends all messages to the NPCI constructor, regardless of length checks, which subsequently chokes (array out of bounds) due to queue.size() being zero. I've inserted a couple changes to the source code to address this:

First, in IpNetwork.parseFrame():

			if (function != 0xa && function != 0xb && function != 0x4 && function != 0x0 && function != 0x5)
				throw new MessageValidationAssertionException("Function is not unicast, broadcast, forward"
						+ " or foreign device reg answer (0xa, 0xb, 0x4, 0x0, or 0x5)");

"function != 0x05" is missing from the original method, and prematurely chokes the method.

Secondly, I enclosed all of the lines in IncomingRequestParser.parseApdu() in the following if-statement:

			if (queue.size() > 6)

With a "return null;" to satisfy the return type.

This is logically avoiding all exceptions I've been experiencing while doing a device discovery across sub-nets. Because I'm not wholly aware of what else uses these methods, I cannot be certain if I have not broken something else yet. Anyone with any more familiarity, please advise!

The Dolphin's Grin

Edit: Realized that checking queue.size() >6 was more effective than setting and referencing an "isForeignDevMsg" flag.