[QUESTION] How to SOCKS-ify incompatible apps with IPtables?

[Anderhar]

Like some others, I would like to use NekoBox to break the path for VPN apps blocked in my region, but neither the TUN mode nor the SOCKS5 mode are suitable here.

Having my phone rooted, I tried VLESS clients in the form of Magisk modules, but these tools turned out to be difficult to maintain and unreliable, so then I thought: why not just redirect VPN apps to the NekoBox's SOCKS5 proxy using iptables?

Unfortunately, I have no idea what a rule should look like to redirect traffic of specific app UID to localhost proxy. Maybe someone with knowledge of iptables have an answer?

[Anderhar]

Okay, here's what I have.

Suggested approach is real and already implemented and well documented in Shadowsocks for Android, but all thanks to its third mode of operation Transproxy (along with VPN and SOCKS5 modes), which is still not available in NekoBox and other sing-box clients for Android.

As for SOCKS5, redirection to proxy of this type using IPtables is impossible without crutches like redsocks or tun2socks, which is an unnecessary complication.

So the question is: why Transproxy mode is omitted in NekoBox, despite its relation to Shadowsocks app?