RecoveryRequest triggers PrepareRequest from Primary even if the time is not yet came to send it

[roman-khimov]

Consider a network operated by @aprasolova. She has seven consensus nodes and tries to play with one of them, substituting CN+IR setup with a single IR using internal CN. We have a network with TimePerBlock: 15s, but she accidentally sets it to 1s on the node she works with. What happens next is whole network creating blocks each ~1-3s which is obvious for the case when we have a primary node using 1s timeout, but less so when it's a backup. When it's a backup it sends a recovery request after ~2s which triggers

                        } else if d.IsPrimary() {
                                d.sendPrepareRequest()

in onRecoveryMessage on a primary and then everyone is rushing to complete a block.

Can @aprasolova be blamed for misconfiguration? YES, that's a huge and obvious mistake. But what she can't be blamed for is a single-node setting affecting whole network. This MUST NOT happen at the dBFT/CN level.

I'm wondering what would the C# node reaction be to a similar RecoveryRequest.

[vncoelho]

Sure, @roman-khimov,

In fact, that line could be removed.
It would be also good to keep in mind a mechanism that often check network parameters between nodes.