Tracking issue for more aggressive removal of bad peers

[jmalicevic]

Original issue : tendermint/tendermint#9545

Description

This issue aims to cover a wide variety of use cases where Tendermint could remove bad peers more proactively. Peer removal is triggered by information from various reactors and aims to a) increase security and b) boost performance.

There are already a number of issues created around this topic.

Definition of done

• Define and specify bad peer behaviour. By bad behaviour we do not necessarily mean malicious behaviour. Rather, peers can be considered bad if they are slow, sending stale or unwanted messages or too frequent requests. Each issue tackling peer removal has to clearly identify what behaviour is considered bad.
• Node is disconnected from peers upon detection of bad behaviour.
• Changes are backported to 0.34.x
• Changes are backported to the latest 0.37 version
• QA tests are performed for each backport before release.

Individual issues tackling removal of bad peers

Mempool

• Removing transactions failing CheckTx. mempool: disconnect from faulty peers tendermint/tendermint#6523
• Allow application to return a code in CheckTx marking a transaction that never could have been valid, leading to a disconnect from the peer who sent this transaction.
  • mempool/p2p: Research implications of peer disconnect based on ResponseCheckTx #66
    - The use case where a node sends transactions that could never have been valid;
    Implications on the security and correctness model of Tendermint (how does the application know that it is this particular peer that should be removed, is this scenario not covered already by other layers in Tendermint, etc.);
    - What other changes in other parts of Tendermint should the implementation of this require;
    - If solution/problem still seem valuable, propose an implementation path taking into account potential need to refactor and change the p2p layer itself to support this.
  • Implement peer banning based on ResponseCheckTx #623
    Related issues from the tendermint repository:
    - Make CheckTx response indicate if a tx could never have been valid tendermint/tendermint#7918
    - mempool: punish peers sending txs that return certain ABCI codes in mempool tendermint/tendermint#2185

Consensus

• consensus: disconnect from bad peers tendermint/tendermint#2871
• Consensus: Peer Stats on Faulty Behavior tendermint/tendermint#6118

Blocksync

• Blockchain reactor: disconnect from bad peers tendermint/tendermint#2896

Pex/p2p

• Incompatible peers should be marked bad tendermint/tendermint#3081
• p2p/pex: disconnect from a peer if it sends us bad peers tendermint/tendermint#4754