What does the "ep" capability mean?

# getcap ./some_bin
./some_bin =ep

That binary has ALL the capabilities permitted (p) and effective (e) from the start.

In the textual representation of capabilities, a leading = is equivalent to all=. From the cap_to_text(3) manpage:

In the case that the leading operator is =, and no list of capabilities is provided, the action-list is assumed to refer to all capabilities. For example, the following three clauses are equivalent to each other (and indicate a completely empty capability set): all=; =; cap_chown,<every-other-capability>=.

Such a binary can do whatever it pleases, limited only by the capability bounding set, which on a typical desktop system includes everything (otherwise setuid binaries like su wouldn't work as expected).

Notice that this is only a "gotcha" of the textual representation used by libcap: in the security.capability extended attribute of the file for which getcap will print /file/path =ep, all the meaningful bits are effectively on; for an empty security.capability, /file/path = (with the = not followed by anything) will be printed instead.


If someone is still not convinced about all that, here is a small experiment:

# cp /bin/ping /tmp/ping   # will wipe setuid bits and extended attributes
# su user -c '/tmp/ping localhost'
ping: socket: Operation not permitted
# setcap =ep /tmp/ping
# su user -c '/tmp/ping localhost'  # will work because of cap_net_raw
PING localhost(localhost (::1)) 56 data bytes
64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.073 ms
^C
# setcap = /tmp/ping
# su user -c '/tmp/ping localhost'
ping: socket: Operation not permitted

It is not a capability.

It means effective-set and permitted-set.

It means the capabilities will be put in the permitted set (p), and all permitted capabilities will be copied into the effective set (e).

The e is used for legacy programs (possibly most programs at the current time), that is, programs that don't know about capabilities and so cannot themselves copy capabilities from permitted to effective.

As for why there is what looks like an empty set (as @mosvy has pointed out), the authors of the library have confused all with none (infinity and zero are two of the most confused numbers).
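Both answers above come down to what is stored on disk: a bitmask of permitted capabilities, a bitmask of inheritable ones, and a single "effective" flag that tells the kernel to copy the whole permitted set into the effective set at exec. The following decoder is an added example (it is not part of either answer and not libcap's own code); it parses the raw security.capability value that getcap and setcap manipulate, re-encodes it, and renders it in the =ep / = / cap_net_raw=ep style. It assumes CAP_LAST_CAP is 40 (Linux 5.9 and later), so "all" means 41 bits, and its to_text is a simplified rendering for the cases getcap prints for ordinary binaries, not a port of libcap's cap_to_text minimiser. The SAMPLE_EP bytes are constructed from the kernel struct layout, not captured from a real file.

```python
# Decoder for the security.capability extended attribute (added example; not
# libcap code). Layout follows struct vfs_cap_data / vfs_ns_cap_data from the
# kernel's include/uapi/linux/capability.h: a little-endian u32 magic_etc,
# then (permitted, inheritable) u32 pairs, and for revision 3 a trailing rootid.
# Assumption: CAP_LAST_CAP is 40 (Linux 5.9 and later), so "all" is 41 bits.
import os
import struct
import sys

CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw "
    "ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct "
    "sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod "
    "lease audit_write audit_control setfcap mac_override mac_admin syslog "
    "wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore"
).split()
ALL_CAPS = (1 << len(CAP_NAMES)) - 1      # CAP_CHOWN .. CAP_CHECKPOINT_RESTORE

VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_REVISION_SHIFT = 24
VFS_CAP_FLAGS_EFFECTIVE = 0x000001        # the only flag bit: the "e" in getcap output
# revision -> (number of (permitted, inheritable) u32 pairs, whether a rootid follows)
REVISION_LAYOUT = {1: (1, False), 2: (2, False), 3: (2, True)}

# Constructed revision-2 value for "=ep": magic 0x02000001, permitted low word
# all ones, permitted high word 0x1ff (bits 32..40), inheritable words zero.
SAMPLE_EP = bytes.fromhex("01000002ffffffff00000000ff01000000000000")


def decode_vfs_cap(raw):
    """Return the permitted/inheritable/effective masks stored in one xattr value."""
    if len(raw) < 4:
        raise ValueError("xattr value too short")
    (magic_etc,) = struct.unpack_from("<I", raw, 0)
    revision = (magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT
    if revision not in REVISION_LAYOUT:
        raise ValueError("unknown VFS_CAP_REVISION %d" % revision)
    pairs, has_rootid = REVISION_LAYOUT[revision]
    if len(raw) != 4 * (1 + 2 * pairs + has_rootid):
        raise ValueError("xattr size does not match revision %d" % revision)
    permitted = inheritable = 0
    for i in range(pairs):
        perm, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= perm << (32 * i)
        inheritable |= inh << (32 * i)
    rootid = struct.unpack_from("<I", raw, 4 + 8 * pairs)[0] if has_rootid else None
    # There is no per-capability effective mask on disk: one flag means
    # "copy the whole permitted set into effective at exec".
    effective = permitted if magic_etc & VFS_CAP_FLAGS_EFFECTIVE else 0
    return {"revision": revision, "permitted": permitted,
            "inheritable": inheritable, "effective": effective, "rootid": rootid}


def encode_vfs_cap(permitted, inheritable=0, effective=True, rootid=None):
    """Build the byte string setcap would write (revision 2, or 3 when a rootid is given)."""
    revision = 3 if rootid is not None else 2
    magic_etc = (revision << VFS_CAP_REVISION_SHIFT) | (VFS_CAP_FLAGS_EFFECTIVE if effective else 0)
    out = struct.pack("<I", magic_etc)
    for i in range(2):
        out += struct.pack("<II", (permitted >> (32 * i)) & 0xFFFFFFFF,
                           (inheritable >> (32 * i)) & 0xFFFFFFFF)
    if rootid is not None:
        out += struct.pack("<I", rootid)
    return out


def cap_names(mask):
    return ["cap_" + CAP_NAMES[i] for i in range(len(CAP_NAMES)) if (mask >> i) & 1]


def to_text(caps):
    """Simplified cap_to_text(3)-style rendering: covers the shapes getcap prints
    for ordinary binaries, where every listed capability carries the same flags."""
    sets = {"e": caps["effective"], "i": caps["inheritable"], "p": caps["permitted"]}
    union = sets["e"] | sets["i"] | sets["p"]
    if union == 0:
        return "="                        # empty set: what "setcap =" leaves behind
    if any(s and s != union for s in sets.values()):
        raise NotImplementedError("per-capability flag mix; use libcap's cap_to_text")
    flags = "".join(f for f in "eip" if sets[f])
    names = "" if union == ALL_CAPS else ",".join(cap_names(union))
    return names + "=" + flags            # "" + "=ep" when every capability is set


if __name__ == "__main__":
    for path in sys.argv[1:]:             # e.g. /tmp/ping after the experiment above
        try:
            raw = os.getxattr(path, "security.capability")
        except OSError as err:            # ENODATA when the file carries no caps
            print("%s: %s" % (path, err))
            continue
        caps = decode_vfs_cap(raw)
        print("%s %s   (raw: %s)" % (path, to_text(caps), raw.hex()))
```

Run it as `python3 vfscap.py /tmp/ping` (hypothetical file name) on Linux after each setcap step of the experiment to see the bytes behind "=ep" and "=": after `setcap =ep` the permitted words are all ones and the low bit of magic_etc is set, after `setcap =` they are zero, and in neither case is there a separate effective mask to read.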