How does ping work on Fedora without setuid and capabilities?
I think https://fedoraproject.org/wiki/Changes/EnableSysctlPingGroupRange answers your question:
Enable the Linux kernel's net.ipv4.ping_group_range parameter to cover all groups. This will let all users on the operating system create ICMP Echo sockets without using setuid binaries, or having the CAP_NET_ADMIN and CAP_NET_RAW file capabilities.
Cross-reference detail
- Targeted release: Fedora 31
- Last updated: 2019-08-13
- Tracker bug: #1740809
- Release notes tracker: #376
The sysctl documentation writes,
ping_group_range - 2 INTEGERS
    Restrict ICMP_PROTO datagram sockets to users in the group range. The default is "1 0", meaning, that nobody (not even root) may create ping sockets. Setting it to "100 100" would grant permissions to the single group. "0 4294967295" would enable it for the world, "100 4294967295" would enable it for the users, but not daemons.
An older code example demonstrates the use of this feature, and in particular shows that a socket is created with the IPPROTO_ICMP flag to identify that it will be used for raw ICMP:

    int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP); /* ICMP datagram ("ping") socket, no raw-socket privilege needed */
From Fedora 31 the kernel parameter net.ipv4.ping_group_range has been set to cover all groups. This will let all users on the operating system create ICMP Echo sockets without using setuid binaries, or having the CAP_NET_ADMIN and CAP_NET_RAW file capabilities.

    $ sysctl net.ipv4.ping_group_range
    net.ipv4.ping_group_range = 0 2147483647
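As an added example (not code from the answer above, the Fedora change page, or the ping utility itself), the following C program does what the answer describes end to end: it reads net.ipv4.ping_group_range, decides whether the caller's gid falls inside that range, opens an ICMP datagram socket with no setuid bit and no file capabilities, and pings 127.0.0.1. It assumes Linux; the helper names, the 127.0.0.1 target and the "ping" payload are this example's own choices.

```c
/* Added example (not from the original answer or the Fedora change page):
 * exercise an unprivileged "ping socket" the way ping does on Fedora 31+.
 * Assumes Linux and that 127.0.0.1 answers echo requests. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/ip_icmp.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

#define PING_GROUP_RANGE "/proc/sys/net/ipv4/ping_group_range"

/* Decide from the sysctl text ("lo hi") whether a gid may open ping sockets.
 * The kernel default "1 0" has lo > hi, so it matches nobody; Fedora's
 * "0 2147483647" matches every ordinary gid. Returns -1 on malformed input. */
int gid_in_ping_range(const char *range, unsigned long gid)
{
    unsigned long lo, hi;
    if (sscanf(range, "%lu %lu", &lo, &hi) != 2)
        return -1;
    return (lo <= hi && gid >= lo && gid <= hi) ? 1 : 0;
}

/* RFC 1071 one's-complement checksum; bytes are summed as big-endian words,
 * so the result is stored big-endian too (see build_echo_request). */
uint16_t icmp_checksum(const void *data, size_t len)
{
    const uint8_t *p = data;
    uint32_t sum = 0;
    for (; len > 1; len -= 2, p += 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build an ICMP echo request (8-byte header + payload) into buf.
 * Returns the packet length, or 0 if buf is too small. On a ping socket the
 * kernel replaces id with the socket's own identifier and recomputes the
 * checksum; we fill both anyway so the packet is valid on its own. */
size_t build_echo_request(uint8_t *buf, size_t buflen, uint16_t id,
                          uint16_t seq, const void *payload, size_t plen)
{
    if (buflen < 8 + plen)
        return 0;
    buf[0] = ICMP_ECHO;       /* type 8; the kernel rejects anything else */
    buf[1] = 0;               /* code */
    buf[2] = buf[3] = 0;      /* checksum placeholder */
    buf[4] = id >> 8;  buf[5] = id & 0xff;
    buf[6] = seq >> 8; buf[7] = seq & 0xff;
    memcpy(buf + 8, payload, plen);
    uint16_t c = icmp_checksum(buf, 8 + plen);
    buf[2] = c >> 8;  buf[3] = c & 0xff;
    return 8 + plen;
}

int main(void)
{
    char range[64] = "";
    FILE *f = fopen(PING_GROUP_RANGE, "r");
    if (f) {
        if (!fgets(range, sizeof range, f))
            range[0] = '\0';
        fclose(f);
    }
    printf("%s: %s", PING_GROUP_RANGE, range[0] ? range : "(unreadable)\n");
    printf("gid %lu allowed by range: %d\n", (unsigned long)getgid(),
           gid_in_ping_range(range, getgid()));

    /* No setuid, no CAP_NET_RAW: this succeeds only if our gid is in range. */
    int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
    if (sock < 0) {
        perror("socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP)"); /* EACCES when out of range */
        return 1;
    }
    struct timeval tv = { 2, 0 };
    setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);

    struct sockaddr_in dst = { .sin_family = AF_INET };
    inet_pton(AF_INET, "127.0.0.1", &dst.sin_addr);
    uint8_t pkt[64];
    size_t len = build_echo_request(pkt, sizeof pkt, 0x1234, 1, "ping", 4);
    if (sendto(sock, pkt, len, 0, (struct sockaddr *)&dst, sizeof dst) < 0) {
        perror("sendto");
        return 1;
    }
    /* Unlike a raw socket, a ping socket hands back the ICMP message
     * without the IP header, so the type byte is at offset 0. */
    uint8_t reply[1500];
    ssize_t n = recv(sock, reply, sizeof reply, 0);
    if (n < 8) {
        perror("recv");
        return 1;
    }
    printf("reply: type %u seq %u (%zd bytes)\n", reply[0],
           (unsigned)(reply[6] << 8 | reply[7]), n);
    close(sock);
    return reply[0] == ICMP_ECHOREPLY ? 0 : 1;
}
```

Build with `cc -o pingsock pingsock.c` and run it as an ordinary user with no capabilities set on the binary. On a system with the default "1 0" range the socket() call fails with EACCES even though the program is otherwise correct; on Fedora 31 and later, where the range is "0 2147483647", the same unprivileged binary gets an echo reply. The gid check and the packet builder are separated from the socket code so the policy logic can be exercised without network access.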