More and more code migrates from lock-based protection to the NET_EPOCH umbrella.
It requires some logic changes, including, notably, refcount handling.
When we have an ifa pointer and we're running inside epoch we're guaranteed that this pointer will not be freed.
However, the following case can still happen:
- in thread 1 we drop to 0 refcount for ifa and schedule its deletion.
- in thread 2 we use this ifa and reference it
- destroy callout kicks in
- unhappy user reports bug
To address it, ifa_try_ref() function is added, allowing to return failure when we try to reference ifa with 0 refcount.
Additionally, existing ifa_ref() is enforced with KASSERT to provide cleaner error in such scenarious.