This is committed to.
There are some design questions however.
As these structures are reference counted, we can safely hang on to this.
If asked about link status of a MAST device, then one just has to walk all SAs associated with this device, looking for at least one with SA which has not been obsoleted.
Once the device is down, then we should really discard any packets that arrive at the MAST device. We do not want to waste time encrypting things we would then through away.
We could do something like let 1seems like a poor choice, since routing daemons may have found other ways around in the meantime, so no traffic would ever reach us.
So, either way, we have to back back and lookup the outer destination of each SA whenever the routing able or physical interface link status changes.
The question is, are there such hooks?