XEN

https://wiki.alpinelinux.org/wiki/Xen_Dom0

setup-xen-dom0

apk add xen-hypervisor
apk add bridge
apk add seabios ovmf

echo "xen-netback" >> /etc/modules
echo "xen-blkback" >> /etc/modules
echo "tun" >> /etc/modules

rc-update add xenconsoled
rc-update add xendomains
rc-update add xenqemu
rc-update add xenstored

grub-mkconfig -o /boot/grub/grub.cfg
grub-set-default "$(grep ^menuentry /boot/grub/grub.cfg | grep Xen | cut -d \' -f 2 | head -1)"

https://xcp-ng.org/docs/architecture.html#api

https://ownyourbits.com/2018/06/13/transparently-running-binaries-from-any-architecture-in-linux-with-qemu-and-binfmt_misc/

export QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf

/etc/qemu-binfmt.conf
EXTRA_OPTS="-L /usr/arm-linux-gnueabihf"

export CROSS_COMPILE=arm-linux-gnueabi-
make defconfig
make menuconfig
make

qemu-system-arm -curses -machine virt -bios u-boot.bin

PCI passthrough was indeed necessary for the software I'm using to pick up all network traffic properly (not bridging through the virtual switch). Doing so requires enabling IOMMU and using the legacy linux bridge backend networking (instead of the default Open vSwitch backend networking).

xl network-list opnsense
Idx BE Mac Addr. handle state evt-ch tx-/rx-ring-ref BE-path 
0 0 00:16:3e:3f:4f:61 0 5 -1 -1/-1 /local/domain/0/backend/vif/11/0

https://xenbits.xen.org/docs/4.15-testing/man/xl-network-configuration.5.html

https://wiki.xenproject.org/wiki/Device_Model_Stub_Domains

type=ioemu
vifspec
model=e1000
rate=10Gb/s

vif = ['bridge=lan,model=e1000,rate=10Gb/s']

device_model_stubdomain_override

QEMU

qemu-system-mips64 -cpu 24Kc -serial pty -nographic -monitor none -no-reboot -bios u-boot.bin