This is based on some code review for PR 246951. I suspect that we
could move the lookup to after the IPSec check, but I would like a
minimal patch that I can backport to stable branches (there is a ia ref
leak there too).
I looked through other uses of NHR_REF but didn't find any other obvious
I am also a bit uncertain about nhop_ref_object(). It uses
refcount_acquire_if_not_zero(), but most callers don't check the return
value, presumably because it's assumed that it can never fail in those
cases. Should we assert that?