Part one is committed to. There is an issue that we currently do not look for expired SAs unless we are attempting to use them. To fix this, we will need to walk the SA table periodically.
Part two raises some design questions. Specifically, how does one know if the outer destination is routable unless looks?
As these structures are reference counted, we can safely hang on to this.
If asked about link status of a MAST device, then one just has to walk all SAs associated with this device, looking for at least one with SA which has not been obsoleted.
Once the device is down, then we should really discard any packets that arrive at the MAST device. We do not want to waste time encrypting things we would then through away.
We could do something like let 1% through to do the above test, but that seems like a poor choice, since routing daemons may have found other ways around in the meantime, so no traffic would ever reach us.
The first solution is preferred, but neither are committed to at this time.