Sigh... all right, I've really run out of patience with you, but to end this off on a semi-helpful note I'll reply briefly. Read this, then read my post above again, think about it, read a book and maybe you'll get it.
> ARP poisoning is the act of broadcasting malicious reply packets

s/is the act of broadcasting/amongst other things requires sending/;

> my code does this very happily and in a very legitimate sort of way

No, it does this in the dumbest and least efficient way possible.

> checked it using the tcpdump sniffer

Hint: tcpdump does not explain the whole packet to you; you won't actually see the ARP payload unless you manually inspect the packet content yourself (it shows you the Ethernet frame data, which is not necessarily the same as the ARP payload).

> it does update the MAC address of the gateway

Newsflash: just because it works on your router doesn't mean it'll work on others.
Oh, and I thought this was your network administrator's router? You know, the one who was so happy you notified him of this "vulnerability"... Don't bother replying, I won't.
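The post distinguishes the Ethernet frame header from the ARP payload. As an added example (not code from the thread), this Python sketch decodes both from a raw frame and reports where the header addresses disagree with the payload, a check a defender can run over captured frames. The sample frames, MAC addresses and IPs are constructed, the function names are hypothetical, and only untagged Ethernet II frames are handled.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp_frame(frame: bytes):
    """Decode an untagged Ethernet II frame carrying ARP for IPv4, else None."""
    if len(frame) < 42:
        return None
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "eth_src": mac(eth_src), "eth_dst": mac(eth_dst), "oper": oper,
        "sha": mac(sha), "spa": socket.inet_ntoa(spa),
        "tha": mac(tha), "tpa": socket.inet_ntoa(tpa),
    }

def header_payload_mismatches(pkt: dict) -> list:
    """Compare Ethernet header addresses with the ARP payload's own fields."""
    issues = []
    if pkt["eth_src"] != pkt["sha"]:
        issues.append("eth_src != ARP sender hardware address")
    # A unicast reply normally goes to the MAC named as target in the payload.
    if pkt["oper"] == 2 and pkt["eth_dst"] not in (pkt["tha"], "ff:ff:ff:ff:ff:ff"):
        issues.append("eth_dst != ARP target hardware address")
    return issues

def build_frame(eth_dst, eth_src, oper, sha, spa, tha, tpa) -> bytes:
    """Constructed sample input: assemble a frame from hex MACs and dotted IPs."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    return (h(eth_dst) + h(eth_src) + struct.pack("!HHHBBH", ETHERTYPE_ARP, 1, 0x0800, 6, 4, oper)
            + h(sha) + socket.inet_aton(spa) + h(tha) + socket.inet_aton(tpa))

# Constructed frames (locally administered MACs, documentation-range IPs).
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
CONSISTENT = build_frame(B, A, 2, A, "192.0.2.1", B, "192.0.2.20")
MISMATCHED = build_frame(B, C, 2, A, "192.0.2.1", B, "192.0.2.20")

if __name__ == "__main__":
    for name, frame in (("consistent", CONSISTENT), ("mismatched", MISMATCHED)):
        pkt = parse_arp_frame(frame)
        print(name, pkt["eth_src"], pkt["sha"], header_payload_mismatches(pkt))
```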